Effective Date: May 21, 2013
Notice and Scope of Safe Harbor Certification
VMware, Inc., ("VMware") adheres to the Safe Harbor Privacy Principles published by the U.S. Department of Commerce ("Safe Harbor Principles") with respect to personal data relating to residents in the European Economic Area and Switzerland ("EEA/CH Data") that we receive in the United States from our subsidiaries, enterprise customers, consumer customers, our customers' end users distributors, suppliers and other business partners in Europe. In this notice, we explain how we collect and use EEA/CH Data except data relating to employees of our subsidiaries (which is covered by a separate notice that we distribute to such employees). Additional information on the Safe Harbor Principles and VMware’s scope of participation is available at http://www.export.gov/safeharbor.
Categories of EEA/CH Data
VMware develops software and delivers solutions for business IT infrastructure to business customers. We receive mostly business-related information from Europe, but also contact information related to individual representatives of customers, distributors, resellers, suppliers, and other business partners (including, without limitation, names, job titles, addresses, work phone numbers, work email addresses, etc.) in connection with commercial and corporate transactions and other business relationships. Some of our customers are not incorporated and may provide their home address when they acquire software licenses from our authorized online store or when they register their products and service subscriptions with us. VMware also receives and processes EEA/CH Customer Data in connection with its whistleblower hotline including details of the reporter, the data subject of the report, the alleged misconduct, investigation, and any misuse of the whistleblower hotline program.
VMware also provides hosting services for customers where VMware provides the physical infrastructure onto which customers can deploy their virtual infrastructures. A customer or its end users or their agents place data into their cloud environments, which data might include personal data ("Hosted Content Information"). The customer is responsible for its Hosted Content Information, and VMware does not directly access this information except when acting on behalf of the customer. VMware merely acts as the data processor for its customers (the data controllers) with respect to Hosted Content Information. VMware's obligations with respect to personal data for which VMware is a data processor, are set forth in VMware's agreements with its customers. The customer remains responsible for the personal data that it collects and processes and for the compliance with applicable law, including compliance with any obligation to provide notice and obtain consents from a data subject. VMware's adherence to the Safe Harbor Principles may be limited by its role as a data processor or by applicable law.
VMware collects and uses EEA/CH Data (except for Hosted Content Information) for purposes of managing, improving, expanding and communicating regarding software license sales, supply, distribution and customer relationships, delivering software, services and related information (including, without limitation, promotional information on new products), managing its whistleblower hotline program, and conducting related tasks for legitimate business purposes and corporate development opportunities. Hosted Content Information is processed by VMware for the purpose of enabling or monitoring the functionality of the customer’s hosted service, and for providing the service.
VMware shares EEA/CH Data with corporate affiliates. We also make EEA/CH Data available to service providers and other contractors, which process EEA/CH Data on our behalf and subject to confidentiality restrictions. We also share EEA/CH Data with other third parties for the purposes for which we receive the data (e.g., performance of contractual obligations) and as required or permitted by law.
Recipients of marketing e-mails in Europe may opt-out of receiving further e-mail marketing communications from VMware by unsubscribing at www.vmware.com/optout, or by following opt-out instructions that are contained in each marketing e-mail. Requests to opt-out of transfers to third parties will also be considered, but limitations on data sharing may make it difficult or impossible for VMware to provide certain requested services. VMware may also have to disclose EEA/CH Customer Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and VMware has a legitimate business interest in such disclosure.
Access and Review
Residents of the EEA and Switzerland whose EEA/CH Data VMware has directly collected may request access to, and the opportunity to correct, amend, or delete that information where it is inaccurate. To submit such requests or raise any other questions, please contact the VMware Safe Harbor Contact as described below. We will respond to your requests within thirty (30) days. VMware reserves the right to take appropriate steps to authenticate an applicant’s identity, charge an adequate fee before providing access and deny requests, except as required by the Safe Harbor Principles.
VMware will take reasonable measures including technical, physical and administrative measures to protect EEA/CH Data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Safe Harbor Contact
If you have questions, please contact our VMware Safe Harbor representative, Shannon Orr at 3401 Hillview Drive, Palo Alto, California, 94304 or email: firstname.lastname@example.org. If you have a comment or concern that cannot be resolved with VMware directly, you may contact the competent local data protection authority in your EEA/CH Member State.