VMware's Privacy Notices
VMware Global Privacy Notice
VMware Global Privacy Notice
Effective Date: January 1, 2023
VMware, Inc., headquartered in the U.S., and its group of companies ("VMware", "we", "us" and "our") are committed to protecting the privacy of individuals who interact with us, such as our website visitors, customers, business partners, leads and prospects, emergency contacts and beneficiaries of our employees, recipients of marketing communications, end users and event attendees ("you" and "your"). This Privacy Notice explains what information we collect, why we collect it, how we use it, and your rights, when:
- You visit, interact with or use any of our websites, social media pages, VMware mobile apps (where linked to this Privacy Notice), online ;advertisements, marketing or sales communications (our "online Properties");
- You visit any of our offices (“Offices”);
- You attend one of our events or interact with us at an event (“Events”);
- You purchase and use our products and services (including mobile apps) that have been deployed by one of our business customers, such as your employer (our "Services"); and
- You are designated as an emergency contact or beneficiary with respect to a VMware employee (“Beneficiary”) in any related portal (our “Benefits and Contacts Portals”).
Any combination of the above will be referred to as our “Properties.”
This Notice does not cover the personal information we automatically collect in connection with your use of our Services. For further details on the personal information we collect and use in connection with the provision of the Services, see the VMware Products and Services Notice.
We may provide additional "just-in-time" disclosures or additional information about our data collection, use and sharing practices for specific Properties. These notices may supplement this Privacy Notice, clarify our privacy practices in the circumstances described, or provide you with additional choices about how we process your personal information.
The personal information we receive about you depends on the context of your interactions with us and the Properties, and the choices you make.
We will collect personal information when you voluntarily provide it to us (including to our service providers or other parties who collect it on our behalf). For example, we collect personal information when you order, register for (or to use) or request information about VMware products, services or apps, subscribe to marketing communications, request support, complete surveys, provide in product feedback, or sign up for a VMware event or webinar. We may also collect personal information from you offline, such as when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
The personal information we collect may include contact information (such as your name, address, telephone number or email address), professional information (such as your employer name, address, job title, department or job role), user IDs and passwords, photographs, and contact preferences. We also collect information you choose to provide to us when requesting information or completing any 'free text' boxes in our forms (for example, for event sign-up, product feedback or survey requests), or the nature of your request or communication. In addition, we may collect personal information disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials (including third-party services and platforms). We also may record our telephone or other communications with you, to the extent permitted by applicable law. When making a purchase from VMware, we may also collect billing and transactional information.
VMware Services: In connection with your organization's deployment of certain Services, we may automatically collect information in relation to your use of the Services. See the VMware Products and Services Notice for information regarding the types of data collected and used in connection with our provision of the Services. If you are an end user of VMware Services and you require more information regarding our data collection practices for Services deployed by your organization, please contact your IT administrator.
Unless prohibited by applicable law, we may obtain information about you from third-party sources such as public databases, other publicly available sources, authorized channel partners, suppliers and, upon your consent, marketing agencies, social media platforms and event organizers.
Examples of the information we may receive from other sources include: name, address, telephone number, office location, approximate location (based on reverse IP lookup), account information, job role and publicly available employment profile, service and support information, information about your product or service interests or preferences, browsing habits, page-view information from some business partners with which we operate co-branded services or joint offerings, and credit history information from credit bureaus.
We collect information from our employees and contingent workers about their beneficiaries and emergency contacts. This may include the Beneficiary’s name, address, telephone number, birthdate, relationship to employee and other information necessary to process benefits or make contact in case of an emergency.
Personal information is used for the following purposes (unless restricted by applicable law):
- Communicate, Respond to Requests and Engage in/Process Transactions. We may use personal information to communicate with you, respond to your requests or provide information requested by you. We may also use personal information, including financial, credit card and payment information, to process your transactions.
- Facilitate the Delivery of the Service and Account Administration. We may use personal information to provide you with Services, manage your account, and communicate with you about your use of our Services. This may include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes. We will also use personal information to facilitate the delivery of Services, including tracking entitlements, verifying compliance, controlling access to the Service, and maintaining the security and operational integrity of our IT infrastructure and our Services. See the VMware Products and Services Notice for details regarding the information We collect in connection with your use of the Services.
- Facilitate and Evaluate Use of the Online Properties. We may use personal information to provide you with our online Properties, facilitate your use of our online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), improve quality, evaluate page response rates and personalize and determine content.
- Improve our Properties. VWe use personal information and other data collected from you to better understand our customers, users and website visitors and the way they use and interact with the Properties, including their user experience. We use this information to provide a personalized experience, implement the preferences you request, improve quality and reliability, diagnose issues with and improve the Properties and related user experiences, and make recommendations.
- Improve the Accuracy of our Records. We may use the personal information we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.
- Provide Support. We use personal information and other data collected from you, in combination with other data we may have, in order to provide you with support in relation to our Properties.
- Post Testimonials. We may use personal information to post testimonials on our online Properties. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated o deleted at any time by submitting a request via our Privacy Contact Form.
- Marketing. We will use information obtained from you, your interactions with us, and from third-party sources to position and promote our products and services, deliver targeted and relevant marketing communications to you, to determine the effectiveness of our marketing and promotional campaigns, improve the contextual relevance of the content we send to you, and to generate lead scoring to determine the interest in our products and services. We may use information obtained from you in an aggregated format to support analytical efforts to better understand our website visitors’ interests and optimize content consumption and to undertake qualification scoring to model audiences.
- Security. We may use personal information to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.
- Quality Control and Training. We may use or access personal information for quality control purposes related to the Properties and staff training.
- Conferences and Events. We may use personal information to communicate with you about our events. After the event, we may contact you about the event and related products and services, may share information about your attendance with your company, and, upon your consent, with our conference sponsors. If a partner or conference sponsor directly requests your personal information at their conference booths or presentations, your personal information will be handled in accordance with their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.
- Provide Online Communities and Blogs. We may use personal information and other information disclosed by you on our message boards, chat features, blogs and other services or platforms to which you are able to post information and materials for the purposes of providing you and our customers with a forum to discuss our Properties, responding to your request, providing you with support, improving our Properties or any other purposes set forth in this Privacy Notice. Any information that is disclosed in those forums becomes public information and may therefore appear in public ways, such as through search engines or other publicly available platforms and may be “crawled” or searched by third parties. It could also be read, collected or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.
- Education and Training. If you sign up for a VMware certification course or seminar, we will use your personal information to facilitate the delivery of such course or seminar. To the extent your organization has paid for your certification course or seminar, we may provide the status of your course or seminar to your organization upon notice to you.
- Protect our Employees and Facilities. We may use personal information as necessary to protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our sites, you may be photographed or videotaped as part of maintaining the security of such sites.
- Employee benefits and contacts We may use personal information of Beneficiaries in case of emergencies involving the employee for which the Beneficiary is the emergency contact, and to administer employment-related benefits.
- Other Legitimate Business Purposes. We may use personal information when it is necessary for other legitimate purposes such as protecting our confidential and proprietary information.
We take care to allow your personal information to be accessed only by those who need access to be able to perform their duties, and to be shared only with third parties who have a legitimate purpose for accessing it. We may share your personal information with third parties as follows:
- Service providers. We may disclose your information with our service providers, such as vendors, consultants, agents and other third parties who work on our behalf. For example, we may need to disclose information to vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis and insight, hosting, employment benefits, technical support and customer service. Unless described in any of our privacy notices, we do not share, sell, rent, or trade any of your personal information with third parties for their own promotional purposes.
- Business partners. We may disclose your information to our channel partners, such as distributors and resellers, and to other business partners, to fulfill product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information about us and our products and services. From time to time, we may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly offered product, promotion or service, we may share relevant personal information with those partners.
Note that we do not control our business partners' use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
- VMware affiliates. We may share your information with our parent companies, subsidiaries and/or affiliates. This information may be shared and used to provide services and support, provide recommendations to optimize product and service use, to provide customers and prospective customers with information about the range of available products and services, and for the purposes otherwise described in this Privacy Notice.
- Vital interests. We may disclose information to any party where we believe it necessary in order to protect the vital interests of any person.
- Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party. We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
- Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.
- With your consent. We may disclose your personal information for any other purpose with your consent.
We offer all individuals, regardless of residency, certain privacy choices. Residents of some territories (such as the European Economic Area or California) are afforded various additional privacy rights by applicable law.
- Marketing communications. You may modify how we contact you through email for marketing or promotional purposes. If you don’t want to receive marketing communications from us, you can opt-out at any time by using the VMware Preference Center accessible through Customer Connect or by clicking the “unsubscribe” button included in any marketing communications we send you. You can opt-out of receiving marketing communications from Carbon Black by going to the Carbon Black Preference Center and unsubscribing.
- Correct or update your information. If you would like to correct or update personal information that you provided to us, please logon to customerconnect.vmware.com and update your profile.
Your rights may include:
- Access and portability. You may ask us to confirm whether we are processing your personal information, provide you with details about such processing, and, in some limited circumstances, give you a copy of your personal information. You may ask us to provide your personal information in a structured, commonly used, machine-readable format, or you can ask to have it ported directly to another data controller.
- Erasure or deletion. You may ask us to delete the personal information that we hold about you.
- Rectification or correction. You may ask us to correct any inaccurate or incomplete personal information that we hold about you.
- Objection to processing. You may request that we stop processing your personal information for specific purposes including marketing and profiling.
- Restriction of processing. You may request that we restrict the processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
- Appeal. You may have the right to appeal a decision we make regarding the exercise of your privacy rights.
- Lodge a complaint to your local Data Protection Authority. You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
- Automated decision-making. We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions are decisions made automatically based on computer determinations (using software algorithms), without human review. If you are to be subjected to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.
These rights are not absolute and are subject to conditions or limitations as specified in applicable laws. If you would like to exercise any of the above rights, please complete the Privacy Contact Form. We will process your request in accordance with applicable privacy and data protection laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
Rights where VMware acts as a processor. Certain Services may be used by our customers to collect personal information about you. In such cases, we process such personal information purely on behalf of our customers. Individuals who seek to exercise their rights should direct their query to our customer (the controller).
We maintain (and require our service providers to maintain) appropriate organizational and technical measures designed to protect the security and confidentiality of any personal information we process. These measures include physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. VMware staff who may have access to personal information are required to keep that information confidential. Despite these controls, we cannot completely ensure or warrant the security of your information and encourage you to take steps to protect your information when disclosing personal information online by using readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies.
Personal information, including personal information collected from or about you may be transferred, stored and processed by us and our service providers, partners and affiliates in countries other than where your personal information was collected and other than where you reside, including the United States and other countries whose data protection laws may be different than the laws of your country. We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate steps to protect your personal information in accordance with this Privacy Notice and applicable laws. We have implemented similar appropriate safeguards with our service providers, partners and affiliates.
For transfers of personal information from our group companies in the EEA, the United Kingdom and Switzerland to our other group companies, we have implemented the Standard Contractual Clauses (issued by the European Commission or the UK’s Information Commissioner’s Office). Our Standard Contractual Clauses can be provided upon request. In relation to our role as a processor of customer content, our Binding Corporate Rules will apply to any transfers of personal information.
We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). Specifically, our retention schedule categorizes records or information by department, content type, retention period, and any supplemental policies (domestic, regional and global) where applicable. Our retention schedule is based on a combination of laws and regulatory requirements, legal guidance, the amount, nature, and sensitivity of the personal information and to maximize operational efficiencies.
When we have no justifiable business need to process your personal information, we will either delete or anonymize it. If deletion or anonymization is not possible (for example, your personal information may be stored in backup archives or for technical reasons), we will securely store your personal information and implement appropriate measures to prevent any further processing until deletion is possible. If we de-identify or anonymize your personal information, we will maintain and use it in de-identified form and not attempt to re-associate the information with you, except to test our de-identification procedures.
If you request deletion of your personal information (see “Your Privacy Choices and Rights” section for further information) we will consider your request in accordance with applicable laws.
California notice. This additional California Privacy Notice sets forth our disclosure obligations under California law and provides further information about privacy rights for California residents.
Canada notice. VMware has appointed Stuart Lee, Chief Privacy Officer, to oversee compliance with this Privacy Notice and applicable privacy laws. For information on VMware’s privacy practices, please contact Mr. Lee by completing the Privacy Contact Form or by mail to: Stuart Lee, Chief Privacy Officer, VMware, Inc., 3401 Hillview Ave, Palo Alto, California, 94304, USA.
China notice. This additional China Privacy Notice sets forth our disclosure obligations under Personal Information Protection Law of the People's Republic of China (“PIPL”).
European Economic Area and UK – legal basis for processing personal information. Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only if we need the personal information to perform a contract with you, the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or we have your consent to do so. In rare cases, we may have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. We may sometimes provide you with additional information about this legal basis at the time this information is collected. See Part II, ‘How We Use Your Information’, for more details regarding the purposes for which we process your personal information. To process your personal information for such purposes, we typically rely on our legitimate interests in providing information and resources to prospective customers in an effective and secure manner; in promoting our products and services; in improving the functionality, adoption, and security of our products and services; in providing support; in facilitating the sale and use of our products and services; in protecting our employees, facilities, and rights; and in providing benefits to our employees. As applicable, we may also rely on your consent, or such processing may be necessary for the performance of a contract.
Children. Our Properties are not directed to individuals under the age of 16. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with personal information, please contact us by completing the Privacy Contact Form. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete such information.
Global Privacy Control. Some Internet browsers and browser extensions - like Brave, DuckDuckGo and Privacy Badger - include the ability to transmit “Global Privacy Control” or “GPC” signals. Our online Properties process GPC signals and respond by disabling select cookies. The signal applies only to your device and browser; if you visit our website from a different device or browser, you will need to re-set your GPC settings. To learn more about "GPC" and how to use it, please visit GlobalPrivacyControl.org.
Changes to this Privacy Notice. We will review and update this Privacy Notice periodically in response to changing legal, technical and business developments. When we update this Privacy Notice we will note the date of its most recent revision above. If we make material changes to this Privacy Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.