Privacy Policy

We take your privacy seriously.

Purpose and Scope

Onto Innovation Inc. (“Company” or “we” or “our”) respects your privacy and is committed to protecting it through our compliance with this website privacy policy (“Privacy Policy”). This Privacy Policy describes our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Privacy Policy explains the types of personal data we may collect from you or that you may provide when you interact on the website www.ontoinnovation.com (our “Website”). This may include sending electronic messages through this Website, any mobile and desktop applications you download from the Website, which provide dedicated non-browser-based interaction between you and this Website or through the use of computer cookies. The Website may provide links to third party apps. This Privacy Policy does not apply to how third parties define personal data or how they use it. We encourage you to read their privacy policies and know your privacy rights before interacting with them.

Please read this Privacy Policy carefully to understand Company policies and practices regarding your information and how the Company will treat it. If you do not agree with our policies and practices, your choice is to not use our Website. By accessing or using this Website, you agree to this Privacy Policy.

Personal Data

For the purposes of this Privacy Policy, the term “Personal Data”, “Data” or “Personal Information” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Aggregated data is considered non‑personal data for the purposes of this Privacy Policy.

All Website users and consumers that use the Website shall be considered Data Subjects.

Personal Data The Company Collects About You

The Company collects Personal Data from and about the Website users, both directly when you provide it and automatically while visiting the Website, as follows:

Personal Information You Provide

  • contact information, including name, job title, company, photo, email address, physical address, telephone number, fax number, or other contact information that you provide to be contacted by the Company.
  • information necessary to verify eligibility to use a Website service or to facilitate dealings or transactions; and
  • cookies and IP address;
  • data from which your device could be identified, such as device serial number, including your IP address, geographical location, browser type and version, and operating system;
  • other information you provide to us or direct third parties to do so on your behalf. Before you disclose to the Company Personal Data of another person, you must obtain that person’s consent to both the disclosure and the processing of that Personal Data in accordance with this Privacy Policy or have a sufficient other legal basis for such disclosure.

You are not required to provide the Personal Data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have.

Information Collected Automatically through Cookies

Cookies are small files which are downloaded to your device when you visit the Website. The cookie then sends information back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remember user preferences, and generally improve the user experience.

Cookies do not typically contain any information that personally identifies a user, but Personal Data that the Company may store about you may be linked to the information stored in and obtained from cookies. The Company uses Google Analytics cookies on the Website to recognize a computer when a user visits the Website. The Company will not use cookies to read other information on your computer’s hard drive. In addition, cookies could also be used if an individual submits a request with the Company for literature or other information. While the majority of computer browsers are initially set to accept cookies, they can be set to either refuse the placement of cookies or to provide a warning prior to the placement of a cookie.

If you block cookies, you will not be able to use all the features on the Website. Cookies already stored on your computer may be deleted from the computer but as with blocking cookies, deletion of cookies may have a negative impact upon the usability of many websites.

  • in Internet Explorer (version 10) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy”, and then “Advanced”;
  • in Firefox (version 24) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
  • in Chrome (version 29), you can block all cookies by accessing the “Customize and control” menu, and clicking “Settings”, “Show advanced settings”, and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.

How the Company Uses Personal Data

The Company uses Personal Data that you submit on the Website to meet its legitimate business interests such as:

  • administration and personalizing the Website according to user individual interests;
  • data about your browsing history; search history, performance, and other diagnostic data; and other usage data to speed up user searches, recognize users when they return to the Website, estimating audience size and usage patterns, and store information about user preferences.
  • network and information security;
  • fraud investigation and prevention;
  • entering into an employment relationship with you;
  • enabling your use of the services available on the Website;
  • location information only to support employment related services globally.
  • sending you non-marketing commercial communications (with your consent);
  • sending you email notifications that you have specifically requested;
  • sending you the Company email newsletter, if you have requested it (you can opt-out of receiving the Company email newsletter at any time using the opt-out link provided in the email or you can inform the Company directly if you no longer require the newsletter); and
  • sending you marketing communications relating to our business (with your consent).
  • sending information to the Company’s business partners in order to meet the needs of the individual submitting the information;
  • to the extent that the Company is required to do so by law;
  • in connection with any ongoing or prospective legal proceedings;
  • to any person who the Company reasonably believes may apply to a court or other competent authority for disclosure of that Personal Data where, in the Company’s reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Data;
  • in order to establish, exercise, or defend the Company legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  • to the purchaser (or prospective purchaser) of any business or asset that the Company may sell.

Retention of Personal Data

In general, the Company retains each of the categories of personal information and sensitive personal information described herein for the longer of (i) your relationship with us as an employee, current or prospective customer, vendor, or investor; (ii) for the duration necessary for compliance with the laws; (iii) for as long as necessary for the exercise or defense of legal rights or (iv) archiving, back-up, and deletion processes.

Disclosure of Personal Data

The Company may disclose aggregated information about the Website users, and information that does not identify any individual, without restriction. In addition, we disclose Personal Data:

  • to you and, where appropriate, your appointed representatives;
  • to corporate subsidiaries and affiliates worldwide;
  • to third party service providers and agents that the Company uses to support its business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which the Company discloses it to them;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Company about its Website users is among the assets transferred;
  • for any other purpose disclosed by the Company when users provide that information;
  • with user consent;
  • to comply with any court order, law, or legal process, including responding to any government or regulatory request;
  • to protect the rights, property, or safety of Company employees, its customers, or others;
  • to the extent required by law;
  • to establish, exercise, or defend the Company legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk;
  • to disclose Personal Data to any person who the Company reasonably believes may apply to a court or other competent authority for disclosure of that Personal Information where, in the Company’s reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Information.

The Company will not, without your express consent, supply your Personal Data to any third party whether for their or any other third party’s direct marketing or otherwise.

Security of Personal Data

The Company will take reasonable technical and organizational measures designed to prevent the accidental loss, misuse, alteration, and disclosure of your Personal Data. This includes the storage of all the Personal Data provided to the Company on our secure (password- and firewall-protected) servers. Nevertheless, you hereby acknowledge that the transmission of information over the internet is inherently insecure, and the Company cannot guarantee the security of data sent over the internet.

Children Under the Age of 13

The Website does not target and is not intended for children under the age of 13 or the equivalent age as specified by law in your jurisdiction. The Company acknowledges and follows the requirements of the Children’s Online Privacy Protection Act (COPPA). To that end, the Website does not target children or knowingly collect data from them. If the Company becomes aware that a child’s Personal Data has been submitted to the Company, such data will be deleted from the Company’s system.

Data Minimization

We take every reasonable step to ensure that your Personal Data that we process is limited to the Personal Data reasonably necessary in connection with the purposes set out in this Privacy Policy.

Data Accuracy

We take every reasonable step to ensure that your Personal Data that we process is accurate and, where necessary, kept up to date; and any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which they are processed) are erased or rectified without delay. From time to time, we may ask you to confirm the accuracy of your Personal Data.

Accessing Personal Data

Website users may request access to, correct or delete any Personal Information that they have provided to the Company. The Company may not accommodate a request to change information, if it believes the change would violate any law or legal requirement or cause the information to be incorrect. The Company will respond to such requests within a reasonable time.

To submit a request, send an email to [email protected] with the following information or complete the Personal Information Request Form

  • First Name
  • Last Name
  • Email address
  • Relationship to Company (e.g., former employee, former contractor, customer, former customer, potential customer)
  • Description of the Request

The Company reserves the right to ask for documentation to verify your identity. The Company may request a photocopy of your passport or driver’s license certified by a notary plus an original copy of a utility bill showing your current address.

Opting Out

You may opt out of having the Company maintain your Personal Information at any time. Anyone who has submitted Personal Information on the Website may choose not to receive additional communications from the Company on the Company’s products, services, or events that the Company determines may be of further interest to the individual. If you initially chose to receive information from the Company but then later decided that you prefer to discontinue communications with the Company, you may unsubscribe at any time by accessing the automated link provided at the bottom of the email received from the Company. Alternatively, you may simply send an e-mail to [email protected], placing the word “Unsubscribe” in the subject line and providing the details of your request.

Changes to the Policy

The Company reserves the right to change, modify, add, or remove this Privacy Policy at any time in its sole discretion. Continued use of this Website after the Company makes changes is deemed to be acceptance of those changes. Website users are required to check the last modified date of this Privacy Policy periodically for updates.

Contact Information

For any concerns about this Privacy Policy and Company privacy practices, you may contact the Company using any of the following methods:

Email: [email protected]

Mailing Address: Onto Innovation Inc., 16 Jonspin Road, Wilmington, Massachusetts 01887 Tel: 978.253.6200

Policy last revised on October 31, 2023

Local US State Provisions

If you are a California, Colorado, Nevada, Virginia, or Utah resident, your state’s laws may provide you with additional rights regarding the Company’s use of your Personal Information. Users may learn more about their California privacy rights, by visiting: https://www.oag.ca.gov/privacy/ccpa. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of Website that are California residents to request certain information regarding Company’s disclosure of Personal Information to third parties for direct marketing purposes.

California

California residents may access the CCPA and CPRA Privacy Notice here.

Colorado, Virginia, and Utah each provide their state residents with rights to:

  • Confirm whether the Company processes their Personal Information.
  • Access and delete certain Personal Information.
  • Data portability.
  • Opt-out of personal data processing for targeted advertising and sales.

Colorado and Virginia also provide their state residents with rights to:

  • Correct inaccuracies in their Personal Information, taking into account the nature of the information as well as the processing purpose.
  • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

Nevada provides its residents with a limited right to opt-out of certain Personal Information sales.

Note: Company does not currently sell data thereby triggering that statute’s opt-out requirements.

Supplemental Information Specific to Non-US Users

Cross Border Data Transfers

The Company complies with the laws on the transfer of Personal Data between countries to help ensure data is protected, wherever it may be. Information that the Company collects may be stored, processed, and transferred between any of the countries in which the Company operates (United States of America, Japan, China, South Korea, Taiwan, Singapore, Malaysia, Vietnam, Israel, and countries within the European Union) in order to enable the Company to use the information in accordance with this Privacy Policy. To the extent legally required, we will put in place the framework to enable such transfers, typically the EU Standard Contractual Clauses (the text is available at https://ec.europa.eu/info/law/…).

Personal Data that you publish on the Website or submit for publication on the Website may be available, via the internet, around the world. The Company cannot prevent the use or misuse of such information by others. By using the Website, users expressly agree to the transfer of Personal Data for any legitimate purpose as described in this Privacy Policy.

European Union

If users are based in the European Union, the following provisions apply in addition to the remainder of this Policy:

European Union Data Protection Law means the General Data Protection Regulation (GDPR) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016.

Data Subject Rights

  • Access: Data Subjects are entitled to ask the Company if it is processing their Personal Data and to request access to their Personal Data. This enables Data Subjects to receive a copy of the Personal Data that the Company holds about them and to check whether it is being lawfully processed.
  • Correction: Data Subjects are entitled to request that any incomplete or inaccurate Personal Data held about them is corrected.
  • Erasure: Data Subjects are entitled to ask the Company to delete or remove Personal Data in certain circumstances. There are certain exceptions where the Company may refuse a request for erasure, for example, where Personal Data is required for compliance with law or in connection with legal claims.
  • Restriction: Data Subjects are entitled to request suspension of the processing of certain Personal Data about them, for example, if Data Subjects want to establish its accuracy or the reason for processing it.
  • Data Portability: Data Subjects may request the transfer of a copy of certain Personal Data to themselves or to another party (if technically feasible). The Company shall provide Personal Data in an easily readable format.
  • Objection: where the Company is processing Personal Data based on its legitimate interest, Data Subjects may object to processing on this ground. However, applicable laws may allow Company to continue processing Personal Data based on its legitimate interests.
  • Withdrawal of consent: where Data Subjects have provided consent to the processing of Personal Data for a specific purpose, they have the right to withdraw consent for that specific processing at any time. The withdrawal of consent by Data Subjects does not affect the lawfulness of the processing based on consent provided before its withdrawal.

Lodge a complaint at a supervisory authority: The Company will do its best to resolve any complaints. However, if Data Subjects feel Company has not resolved their complaint, they have a right to lodge a complaint with a supervisory authority in the country where they live, where they work or where an alleged infringement of the applicable data protection law took place.

China

If users are based in China, the following provisions apply in addition to the other provisions of this Policy:

China Data Protection Laws means the Personal Information Protection Law (“PIPL”) of China (effective as of 1 November 2021), the Cyberspace Administration of China (CAC), the Data Security Law (“DSL”) of China (effective as of 1 September 2021) and other applicable laws, as each may be amended or replaced from time to time, and any regulations implementing the foregoing.

Personal Information Processor in China is Onto Innovation Shanghai Trading Co Ltd. Room 3F-301 ABC Building 3, No.690 BiBo Road, Pudong District, Shanghai China 201203. Phone: +86 21 60930600

Separate consent. Subject to the applicable China Data Protection Laws, the Company may ask for separate consent from Data Subjects if it processes Sensitive Personal Information, shares Personal Information with a third party on a “controller to controller” basis, publicises Personal Information, or transfers Personal Information outside of China.

Recipients of Data Subjects’ Personal Information. Company may share Personal Data with its affiliated companies worldwide in order to conduct marketing and promotion of the products, services, or activities that Data Subjects may be interested in. Such data helps the Company to analyze and know the users’ demands, to improve its products and services, to upgrade user experience, etc., in connection with the fulfilment of legitimate business purposes that are intended to serve users.

Individual Rights

In addition to the rights identified for the EU, Chinese residents have the following rights under the China Data Protection Laws.

  • Right to know. Data Subjects are entitled to request the Company to explain its processing rules for Personal Information. The Company shall respond to a user request within fifteen working days upon the receipt of user request. Otherwise, the Company will inform users of the delay and the reasons for such delay.
  • Children’s privacy: Company does not intentionally or knowingly collect Personal Information from children under the age of fourteen (14) in China. If users with parental responsibility over the child notice that their child has provided Personal Information to the Company without their approval, they may contact the Company at [email protected] to request deletion.

Policy last revised on October 31, 2023