This Products & Services Privacy Notice (the "Notice") explains how VMware, Inc. and its group companies ("VMware", "we", "us" and "our") collect, use and share information, including personal information, from our business customers and their users (“customer”, “user”, "you" and "your") in connection with their deployment of certain VMware products and services (including mobile apps) ("Services"). "Personal information" is information that identifies an individual or relates to an identifiable individual.
This Notice applies only to the limited personal information we collect and use for our own purposes (i.e., as a 'data controller') in connection with our Services and does not cover any personal information we process on behalf of our customers (where we act as a 'data processor') or personal information we collect to communicate and maintain a relationship with you, to bill you for the Services, or to market to you, which are covered by our other privacy notices at www.vmware.com/help/privacy.html.
This Notice may be supplemented by just-in-time notices, or other disclosures contained within or in connection with the provision of the VMware Services which may describe in more detail our data collection, use and sharing practices, or provide you with additional choices about how VMware processes your data.
If you have any questions about this Notice, please submit a request using our Privacy Contact Form.
Information we collect from you: We collect personal information directly from our customers and their users in connection with the provision of VMware Services. Depending on the context, such information may include:
Further details of the personal information we collect directly from you and our customers and how we process it is covered in our main Privacy Notice. Such information may be combined with information we automatically collect in connection with the provision of the Services and used for the purposes set forth in this Notice.
Information we collect via the Services: In connection with the provision of the Services, VMware collects information from VMware’s software or systems hosting the Services, and from the customer systems, applications and devices that are used to access the Services. Such information is used to facilitate the delivery of the Services to its customers, including managing and monitoring the infrastructure, and providing support (“Services Operations Data”), and for VMware’s own analytics and product improvement purposes (“Usage Data”) as detailed further in this Notice in Part II “How we use your information”. The data collected is generally technical information, with limited individually identifying information such as email address, usernames, filenames, file paths, machine names, IP/MAC address of the user’s device, and identifiers (including cookies). Depending on the Service, the information may include the following types of data:
Services Operations Data may also include such information as:
The main difference between Usage Data and Services Operations Data are the purposes for which we use the data. When collecting both Usage Data and Services Operations Data, we always aim to collect the minimum amount of personal information necessary to fulfil these respective purposes. Further information regarding the Usage Data we automatically collect in connection with our existing customer experience improvement programs for certain of our Services is set forth at the VMware Trust and Assurance Center.
How we use Usage Data
VMware uses Usage Data (sometimes in combination with other data, such as customer account information) for purposes such as:
Usage Data may be collected and used pursuant to one of VMware’s established customer experience improvement programs depending on the Service. For details regarding these customer experience improvement programs, see the VMware Trust and Assurance Center.
How we use Services Operations Data
VMware uses Services Operations Data for the following purposes:
We take care to ensure that your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. Part III "How we share your information" of our main Privacy Notice provides information about how we may share information with third parties.
How to opt-out
Below are some of the third-party tools we use that collect cookies, with information about how and why we use these tools in support of VMware Services. You can elect to opt-out of these third-party cookies (and therefore the analytics they provide to VMware) by navigating directly to the third-party websites using the links below. You can also opt-out of other cookies used by the Services by adjusting your browser settings but the functionality of the relevant VMware Service will likely be impaired.
VMware uses Fullstory is a tool that we use to provide a better user experience for you and collect data used to diagnose user issues. It records and captures a user’s session so that we can monitor user actions like mouse clicks, movements, etc. If you would like to opt out, Fullstory provides the link below: https://www.fullstory.com/optout/
VMware uses Google Analytics to collect limited data directly from user's browsers to enable us to better understand your use of the Services in order to diagnose and improve our Services and to fix issues. Further information on how Google collects and uses this data can be found here: https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview
VMware also uses other third party tracking tools in connection with our Services.
See Part IV "International transfers of information" of our main Privacy Notice for more information about international transfers of information.
See Part V "Security and Confidentiality" of our main Privacy Notice for information about Security and Confidentiality.
In the course of using our Services, VMware customers and their users may submit or upload information to VMware's Services for hosting or storage. This customer content is processed by VMware on behalf of the customer, and our privacy practices will be governed by the contract we have in place with our customer. This Notice will not apply to any personal information contained in such customer content. In accordance with the terms of such contract, VMware will process customer content for the purposes of providing the relevant VMware Services and in accordance with our customer's instructions. If you have any questions or concerns about how such information is handled, you should contact the person or entity who has contracted with VMware to use the VMware Service to host or process this information (e.g. your employer or organization). We will provide assistance to our customers to address any concerns you may have in accordance with the terms of our contract with them. In relation to VMware’s role as a processor of customer content, our Binding Corporate Rules will apply to any transfers of personal data.
Carbon Black, Inc. complies with the US-EU and US-Swiss Privacy Shield Framework regarding the collection, use, and retention of personal information from individuals in the European Union member countries and Switzerland. Carbon Black, Inc. has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view Carbon Black Inc.’s certification page, please visit https://www.privacyshield.gov.
Carbon Black, Inc. is responsible for the processing of personal data it receives under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Carbon Black, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the European Union and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Carbon Black, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Carbon Black, Inc. commits to endeavor to promptly resolve complaints about privacy and collection or use of personal information (See ‘How To Contact Us” for contact details). If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website here https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
As stated above, we only collect a limited amount of personal information to fulfil the purposes outlined in this Notice, however where we do collect personal information users do have certain rights and choices in relation to it. For more information about these rights and choices, and how to exercise your rights, please refer to Section VII "Your privacy rights and choices" of our main Privacy Notice.
Rights and Choices where VMware acts as a Processor: Certain VMware Services may be used by our customers to collect personal information about you. In such cases, we are processing such personal information purely on behalf of our customers and any individuals who seek to exercise their rights should first direct their query to our customer (the controller). See Part VI "Information we process on behalf of our customers" above.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it and the purposes for which it is used.
We process Usage Data on the basis of VMware's legitimate interests in improving its Services and customer experience and/or otherwise pursuing the purposes set out in Part II "How we use Usage Data" of this Notice. We have assessed that these legitimate interests are not overridden by the data protection interests or fundamental rights of any individuals.
For Services Operations Data, we process any personal information contained within it on the basis of VMware's legitimate interest in performing, maintaining and securing our Services and operating our business in an efficient and appropriate manner and/or to pursue the purposes set out in Part II "How we use Usage Data" of this Notice and/or our customer's legitimate business purposes. We have assessed that these legitimate interests are not overridden by the data protection interests or fundamental rights of any individuals.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under Part XII "How to contact us" below.
See the Your California Privacy Rights notice for information about California Privacy Rights, and other required disclosures, if any.
How Long we Retain Information: We retain information that we collect in connection with the Services for as long as is needed to fulfil the purposes outlined in this Notice or where we have another business or legal reason to do so (subject to any retention commitments we have made in any agreements with our customers).
When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. You can request deletion of your personal information at any time (see Part VIII "Your Privacy Rights and Choices" section above for further information) and we will consider your request in accordance with applicable laws.
Changes to this Notice: VMware will review and update this Notice periodically in response to changing legal, technical and business developments. When we update this Notice we will note the date of its most recent revision above. If we make material changes to this Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Notice frequently to be informed of how VMware is protecting your information.