Notice and Scope of Safe Harbor Certification
VMware, Inc., ("VMware") adheres to the Safe Harbor Privacy Principles published by the U.S. Department of Commerce (“Safe Harbor Principles”) with respect to personal data relating to residents in the European Economic Area and Switzerland (“EEA/CH Data”) that we receive in the United States from our subsidiaries, enterprise customers, consumer customers, distributors, suppliers and other business partners in Europe. In this notice, we explain how we collect and use EEA/CH Data except data relating to employees of our subsidiaries (which is covered by a separate notice that we distribute to such employees). Additional information on the Safe Harbor Principles and VMware’s scope of participation is available at http://www.export.gov/safeharbor.
Categories of EEA/CH Data
VMware develops software and delivers solutions for business infrastructure virtualization to business customers. We receive mostly business-related information from Europe, but also contact information related to individual representatives of customers, distributors, resellers, suppliers, and other business partners (including, without limitation, names, job titles, addresses, work phone numbers, work email addresses, etc.) in connection with commercial and corporate transactions and other business relationships. Some of our customers are not incorporated and may provide their home address when they acquire software licenses from our authorized online store or when they register their products and service subscriptions with us. VMware also receives and processes EEA/CH Customer Data in connection with its whistleblower hotline including details of the reporter, the data subject of the report, the alleged misconduct, investigation, and any misuse of the whistleblower hotline program.
VMware collects and uses EEA/CH Data for purposes of managing, improving, expanding and communicating regarding software license sales, supply, distribution and customer relationships, delivering software, services and related information (including, without limitation, promotional information on new products), managing its whistleblower hotline program, and conducting related tasks for legitimate business purposes and corporate development opportunities.
VMware shares EEA/CH Data with corporate affiliates. We also make EEA/CH Data available to service providers and other contractors, which process EEA/CH Data on our behalf and subject to confidentiality restrictions. We also share EEA/CH Data with other third parties for the purposes for which we receive the data (e.g., performance of contractual obligations) and as required or permitted by law.
Recipients of marketing e-mails in Europe may opt-out of receiving further e-mail marketing communications from VMware by unsubscribing at www.vmware.com/optout, or by following opt-out instructions that are contained in each marketing e-mail. Requests to opt-out of transfers to third parties will also be considered, but limitations on data sharing may make it difficult or impossible for VMware to provide certain requested services. VMware may also have to disclose EEA/CH Customer Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and VMware has a legitimate business interest in such disclosure.
Access and Review
Residents of the EEA and Switzerland whose EEA/CH Data VMware controls may request access to, and the opportunity to correct, amend, or delete that information where it is inaccurate. To submit such requests or raise any other questions, please contact the VMware Safe Harbor Contact as described below. VMware reserves the right to take appropriate steps to authenticate an applicant’s identity, charge an adequate fee before providing access and deny requests, except as required by the Safe Harbor Principles.
Safe Harbor Contact
If you have questions, please contact our VMware Safe Harbor representative, Jason Chan at 3401 Hillview Drive, Palo Alto, California, 94304 or email: firstname.lastname@example.org.
If you have a comment or concern that cannot be resolved with VMware directly, you may contact the competent local data protection authority in your EEA/CH Member State.