Effective Date: June 18, 2018

VMware provides cloud computing and platform-virtualization services, enabling its enterprise customers to securely connect, manage and automate their digital infrastructures.

VMware, Inc., headquartered in the U.S., and its group companies, a part of the Dell Family (as defined in our Privacy Notice) ("VMware", "we", "us" and "our") are committed to protecting the privacy of individuals who interact with us, such as our website visitors, customers, business partners, end users, event attendees and job applicants ("you" and "your"). The following privacy notices explain the different ways in which VMware collects, uses and shares personal information when:

• You visit, interact with or use any of our websites, social media pages, VMware mobile apps (where linked to this Privacy Notice), online advertisements, marketing communications (our "online Properties")
• You visit, interact with or use any of our events, sales, marketing and other offline activities (our "offline Properties");
• You use VMware products and services (including mobile apps) that have been deployed by one of our business customers, such as your employer (our "Services").

When we mean to refer to all three of the above, we use the term "Properties".

Please take the time to read the notices carefully.

VMware Privacy Notice: This notice addresses the personal information we collect in connection with our business operations and Properties.

Cookie Notice: This notice addresses how we use cookies and other similar tracking technologies when you interact with us through our Services and online Properties.

Workspace ONE UEM Privacy Disclosure: This disclosure informs customers regarding the types of information collected by the Workspace ONE UEM offering from customer’s users and their devices.

Applicant Privacy Notice: This notice addresses the personal information we collect in connection with our employment recruiting efforts.

Mobile App Notices: For VMware mobile apps used by VMware for its own purposes (such as the VMworld mobile app or the VMware Partner Central mobile app), the VMware Privacy Notice will apply. To the extent the data collection, use and/or sharing practices of such mobile apps vary from the general notices in the VMware Privacy Notice, these mobile apps will have their own individual privacy notices which will supplement the VMware Privacy Notice. For more information about the data collection practices of certain mobile apps, review the privacy notice of the VMware mobile app you have installed. For mobile apps developed by VMware but used by our customers or partners for their purposes, you should contact our customer or partner (your organization) to understand their data collection and use practices.

Additional Notices: In connection with the provision of specific Properties, VMware may provide additional "just-in-time" disclosures or additional information about our data collection, use and sharing practices. These notices may supplement or clarify VMware's privacy practices or may provide you with additional choices about how VMware processes your data.

External Links: The Properties may provide links to or the ability to connect with third party websites, services, social networks, applications or social media features such as "Share" or "Like" buttons. Visiting those sites or clicking on those links may allow the third party to collect and use information about you. We recommend that you review the privacy notices and terms of use of such third parties prior to interacting with them or providing them with your personal information. VMware does not control the use of your personal information by these third parties.

VMWARE PRIVACY NOTICE

VMware, Inc., headquartered in the U.S., and its group companies, a part of the Dell Family ("VMware", "we", "us" and "our") are committed to protecting the privacy of individuals who interact with us, such as our website visitors, customers, business partners, end users and event attendees ("you" and "your"). This Privacy Notice explains the different ways in which VMware collects, uses and shares personal information when:

• You visit, interact with or use any of our websites, social media pages, VMware mobile apps (where linked to this Privacy Notice), online advertisements, marketing communications (our "online Properties");
• You visit, interact with or use any of our events, sales, marketing and other offline activities (our "offline Properties"); and
• You use VMware products and services (including mobile apps) that have been deployed by one of our business customers, such as your employer (our "Services").

When we mean to refer to all three of the above, we use the term "Properties".

In connection with the provision of specific Properties, VMware may provide additional "just-in-time" disclosures or additional information about our data collection, use and sharing practices. These notices may supplement this Privacy Notice or clarify VMware's privacy practices in the circumstances described or may provide you with additional choices about how VMware processes your data.

If you have any questions about this Privacy Notice, please contact us at privacy@vmware.com.

CONTENTS – QUICKLINKS
Part I: What information we collect and how we collect it

Part II: How we use your information

Part III: How we share your information

Part IV: International transfers of information

Part V: Security and confidentiality

Part VI: Information we collect on behalf of our customers

Part VII: Your privacy rights and choices

Part VIII: Legal basis for processing personal information (European Economic Area)

Part IX: Other information

Part X: How to contact us

PART I: WHAT INFORMATION WE COLLECT & HOW WE COLLECT IT

"Personal information" is information that identifies an individual or relates to an identifiable individual. VMware and third party service providers collect personal information and other information from various sources which generally fall into the following categories:

• Information you provide to us through your interactions with us and your use of the Properties
• Information we automatically collect from you in connection with your use of online Properties and Services
• Information from third party sources and affiliated companies

We may combine information from these different sources for the purposes set forth in this Privacy Notice.

1. Information we collect from you


We will collect personal information when you voluntarily provide it to us (including to our service providers or other parties who collect it on our behalf). For example, we collect personal information when you order, register for (or to use) or request information about VMware products, services or apps, subscribe to marketing communications, request support, complete surveys, provide in product feedback, or sign up for a VMware event or webinar. We may also collect personal information from you offline, such as when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.

The personal information we collect may include contact information (such as your name, address, telephone number or email address), professional information (such as your job title, department or job role), user IDs and passwords, and contact preferences. We also collect information you choose to provide to us when requesting information or completing any 'free text' boxes in our forms (for example, for event sign-up, product feedback or survey requests), or the nature of your request or communication. In addition, we may collect personal information disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials (including third party services and platforms).

When making a purchase from VMware, we may also collect billing and transactional information.



2. Information we automatically collect


VMware collects information from the use of technologies such as cookies, pixel tags, widgets, embedded URLs, electronic communication protocols, buttons and tools in connection with its online Properties and Services. The types of technology used by VMware may change over time as technology evolves. This Privacy Notice and our Cookie Notice provide information about our use of cookies and other similar tracking technologies.




Online Properties:
We automatically collect certain information when you use, access or interact with our online Properties, including our online advertisements or marketing communications. This information does not necessarily reveal your identity directly but may include unique identification numbers and other information about the specific device you are using, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer), your Internet Protocol (IP) address/MAC address/device identifier, device event information (such as crashes, system activity and hardware settings, browser language, the date and time of your request and referral URL), broad geographic location (e.g. country or city-level location) and other technical data that uniquely identifies your browser. We may also collect information about how your device has interacted with our online Properties, such as the pages accessed and other statistical information.




VMware Services:
In connection with your organization's deployment of certain VMware Services, VMware may automatically collect certain data relating to the performance and configuration of the Services, and our customer's and their end-user's consumption of and interaction and use of such Services. This data is generally technical information obtained from software or systems hosting the Services, devices accessing the software or systems and/or log files generated during the use of the Services, along with the types of data identified under 'Online Properties' above. This data is used for the purposes set forth in this Privacy Notice in Part II below and any other relevant program documents.

In some instances, the information collected may directly or indirectly identify an end-user and link an individual to certain online behavior to the extent required for the purposes provided in this Privacy Notice. The information collected does not include any customer content uploaded to the Services by the customer for hosting.

Where data is used for VMware's own purposes, such as for product improvement, customer agreements (including service descriptions), just-in-time notices, or other disclosures contained within or in connection with the provision of the VMware Services may describe more details about our collection and use of this type of usage data, including the types of personal information, if any. Further, our Trust & Assurance Center provides details regarding our various customer experience improvement programs and, depending on the program, our customers may have the ability to limit or control the extent of information collected.

If you are an individual user of VMware Services and you require more information regarding our data collection practices for Services deployed by your organization, please contact your IT administrator.



3. Information from third party sources and affiliated companies


From time to time, we may obtain information about you from third party sources as permitted by applicable law, such as public databases, resellers and channel partners, joint marketing partners, social media platforms or other publicly available information. We may also obtain information about you from our affiliated companies, including Dell Technologies, Dell EMC, Pivotal, RSA, SecureWorks and VirtuStream (the "Dell Family") and, to the extent involved in the sales and marketing of our collective products and services, their appointed partners.

Examples of the information we may receive from other sources include: account information, job role and public employment profile, service and support information, information about your product or service interests or preferences, browsing habits, page-view information from some business partners with which we operate co-branded services or joint offerings, and credit history information from credit bureaus. We may use this information in conjunction with your contact details, professional information and VMware transaction history for the purposes set forth in this Privacy Notice, such as, for example, improving the accuracy of our records, better understanding you and your preferences, providing relevant marketing and support, and detecting and preventing fraud.

PART II: HOW WE USE YOUR INFORMATION

VMware uses personal information it collects for the following purposes (unless otherwise restricted by applicable law). For information on how VMware shares personal information, see Part III.

Respond to Requests and Engage in/Process Transactions: VMware may use personal information to respond to your requests or provide information requested by you. VMware may also use personal information, including financial, credit card and payment information, to process your transactions.

Provide and Facilitate Delivery of Services: VMware may use personal information to provide you with VMware Services and to manage your account. This may include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes. VMware will also use personal information to facilitate the delivery of the Services and this may include tracking entitlements, verifying compliance, monitoring services and infrastructure performance, ensuring integrity and stability of the Services or simply monitoring or addressing technical issues so we can deliver the Service to the standards VMware has committed to.

Facilitate and Evaluate Use of the Online Properties: VMware may use personal information to provide you with the online Properties, to facilitate your use of the online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and determine content.

Improve our Properties: VMware uses personal information and other data VMware collects from you to better understand our customers, users and website visitors and the way they use and interact with the Properties, including their user experience. VMware uses this information to provide a personalized experience, to implement the preferences you request, to improve quality and reliability, to diagnose issues with and improve the Properties and related user experiences, and to make recommendations.

Improve the Accuracy of our Records: We may use the personal information we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.

Provide Support: VMware uses personal information and other data VMware collects from you (such as feedback, surveys, and data relating to your use of VMware Services), in combination with account-related information, to provide customers and users with both reactive and proactive support. Such support may be provided in-product or through VMware’s support team.

Post Testimonials: VMware may use personal information to post testimonials on its Online Properties. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated or deleted at any time by sending a request with your name, testimonial location and contact information.

Marketing: VMware will use information it obtains from you, your interactions with VMware and the Properties, and from third party sources to provide you with marketing and promotional communications, to deliver targeted and relevant advertising and marketing to you, to determine the effectiveness of our marketing and promotional campaigns, to better understand you and your preferences, and to position and promote our products and services. Our marketing will be conducted in accordance with your advertising / marketing preferences and as permitted by applicable law.

Security: VMware may use personal information to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.

Quality Control and Training: VMware may use or access personal data for the purposes of quality control related to the Properties and staff training.

Third Party Social Networks: VMware may use personal information to interact with you on third party social networks (subject to that network's terms of use).

Conferences and Events: VMware and our partners may use personal information to communicate with you about our events or our partner events. After the event, VMware may contact you about the event and related products and services, and may share information about your attendance with your company and our conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests your personal information at their conference booths or presentations, your personal information will be handled in accordance with their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.

Provide Online Communities and Blogs: We may use personal information and other information disclosed by you on our message boards, chat features, blogs and other services or platforms to which you are able to post information and materials for the purposes of providing you and our customers with a forum to discuss VMware Properties, responding to your request, providing you with support, improving our Properties or any other purposes set forth in this Privacy Notice. Any information that is disclosed in those forums becomes public information and may therefore appear in public ways, such as through search engines or other publicly available platforms, and may be “crawled” or searched by third parties. It could also be read, collected or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.

Education and Training: If you sign up for a VMware certification course or seminar, VMware will use your personal information to facilitate the delivery of such course or seminar. To the extent your organization has paid for your certification course or seminar, VMware may provide the status of your course or seminar to your organization upon notice to you.

Protect our Employees and Facilities: VMware may use personal information as necessary to protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our sites, you may be photographed or videotapes as part of maintaining the security of such sites.

Other Legitimate Business Purposes: We may use your personal information when it is necessary for other legitimate purposes such as protecting VMware's confidential and proprietary information.

PART III: HOW WE SHARE YOUR INFORMATION

We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.

• Service providers: We may share your information with third parties, such as vendors, consultants, agents and other service providers who work on our behalf. Examples include vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis and insight, technical support and customer service. Unless described in this Privacy Notice, we do not share, sell, rent, or trade any of your personal information with third parties for their own promotional purposes.
  
  
• Business partners: We may provide your information to our channel partners, such as distributors and resellers, to fulfill product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information about VMware and its products and services. From time to time, VMware may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly-offered product, promotion or service, we may share relevant personal information with those partners.
  
  Please be aware that VMware does not control our business partners’ use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
  
  
• VMware affiliates and Dell Family: We may share your information with our parent companies, subsidiaries and/or affiliates (including the Dell Family). This information may be shared and used to provide services and support, provide recommendations to optimize product and service use, to provide customers and prospective customers with information about the range of available products and services, and for the purposes otherwise described in this Privacy Notice.
  
  
• Vital interests: We may disclose information where we believe it necessary in order to protect the vital interests of any person.
  
  
• Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party: We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
  
  
• Business transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.
  
  
• With your consent: We may disclose your personal information for any purpose with your consent.

PART IV: INTERNATIONAL TRANSFERS OF INFORMATION

Acting as a data controller:
Personal information, including personal information collected in the European Economic Area ("EEA") or Switzerland, may be transferred, stored and processed by us and our services providers, partners and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country, for example to Canada, The Philippines, Singapore, India, Australia and Israel. Some of these countries are not deemed 'adequate' by the European Commission. We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. These steps include implementing the European Commission's Standard Contractual Clauses for transfers of personal information from our group companies in the EEA to our other group companies. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our service providers, partners and affiliates.

Acting as a data processor: Click here for VMware's Binding Corporate Rules.

PART V: SECURITY AND CONFIDENTIALITY

VMware maintains (and requires its service providers to maintain) appropriate organizational and technical measures designed to protect the security and confidentiality of any personal information we process. For example, VMware employs physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. VMware staff who may have access to personal information are required to keep that information confidential. However, no security procedures or protocols are ever guaranteed to be 100% secure and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies to protect yourself online.

PART VI: INFORMATION WE PROCESS ON BEHALF OF OUR CUSTOMERS

In the course of using our Services, VMware customers and their end-users may submit or upload information to VMware's Services for hosting or storage. This customer content is processed by VMware on behalf of the customer, and our privacy practices will be governed by the contract we have in place with our customers, and this Privacy Notice will not apply to any personal information contained in such customer content. In accordance with the terms of such contract, VMware will process customer content for the purposes of providing the relevant VMware Services and in accordance with our customer's instructions. If you have any questions or concerns about how such information is handled, you should contact the person or entity who has contracted with VMware to use the VMware Service to host or process this information (e.g. your employer or organization). We will provide assistance to our customers to address any concerns you may have in accordance with the terms of our contract with them.

PART VII: YOUR PRIVACY RIGHTS AND CHOICES

Right to Correct or Update Your Information: If you would like to correct or update personal information that you have provided to us, please logon to myvmware.com and update your profile.

Marketing Communications: You can opt-out of receiving marketing communications from VMware by going to the VMware subscription center at http://info.vmware.com/content/subscription and unsubscribing. You can also opt out by clicking "unsubscribe" in any marketing email communications we send you, or by sending an email to privacy@vmware.com.

Additional Rights for the EEA and Certain Other Territories: If you reside in certain territories (such as the European Economic Area), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion.

• Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
  
  
• Right of access and/or portability: You may have the right to access the personal information that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or 'port' that data to another provider.
  
  
• Right of erasure: In certain circumstances, you may have the right to the erasure of personal information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
  
  
• Right to object to processing: You may have the right to request that VMware stop processing your personal information and/or to stop sending you marketing communications.
  
  
• Right to rectification: You may have the right to require us to correct any inaccurate or incomplete personal information.
  
  
• Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
  
  
• Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.

If you would like to exercise any of the above rights, please contact privacy@vmware.com so that we may consider your request under applicable law. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

Certain VMware Services: Certain VMware Services may be used by our customers to collect personal information about you. In such cases, we are processing such personal information purely on behalf of our customers and any individuals who seek to exercise their rights should first direct their query to our customer (the data controller). See Part VI "Information we process on behalf of our customers" above.

PART VIII – LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EUROPEAN ECONOMIC AREA)

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it and the purposes for which it is used.

However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some very rare cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time, or upon request, what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "How to contact us" heading below.

PART IX: OTHER INFORMATION

How Long we Retain Your Information: We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). You can request deletion of your personal information at any time (see "Your Privacy Rights and Choices" section for further information) and we will consider your request in accordance with applicable laws.

When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Children: Our Properties are not directed to individuals under the age of 14. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with personal information, please contact us at privacy@vmware.com. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete such information.

Automated Decision-making: We do not employ solely automated decision-making, as a matter of course, that resuts in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. If you are to be subject to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.

External Links and Social Media Features: Our Properties may provide links to or the ability to connect with third party websites, services, social networks, applications or social media features such as "Share" or "Like" buttons. Visiting those sites or clicking on those links may allow the third party to collect and use information about you. Further, the personal information you choose to give to these third parties is not covered by this Privacy Notice. We encourage you to review the privacy notices and terms of use of such third parties prior to interacting with them or providing them with your personal information to understand how your information may be collected and used. VMware does not control the privacy practices of such third parties, nor do we endorse or make any representations about these third party websites, services, social networks or applications.

Changes to this Privacy Notice: VMware will review and update this Privacy Notice periodically in response to changing legal, technical and business developments. When we update this Privacy Notice we will note the date of its most recent revision above. If we make material changes to this Privacy Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Privacy Notice frequently to be informed of how VMware is protecting your information.

California Privacy Rights: A business subject to California Civil Code section 1798.83 is required to disclose to its California customers, upon request, the identity of any third parties to whom the business has disclosed personal information within the previous calendar year, along with the type of personal information disclosed, for the third parties' direct marketing purposes. Please note that under California law, businesses are only required to respond to a customer request once during any calendar year.

In addition, a business subject to California Business and Professions Code Section 22581 must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

If you are a California resident and would like to make either type of request described above, please contact us at privacy@vmware.com.

PART X: HOW TO CONTACT US

If you have any questions or concerns regarding this Privacy Notice, you may write to us at privacy@vmware.com or by mail to: Office of the General Counsel of VMware, Inc., 3401 Hillview Ave, Palo Alto, California, 94304, USA.

Alternatively, you may also direct your privacy-related feedback or concerns to the Privacy Grievance Officer whose details are as mentioned below:

Name: Mr. Darryl Anthony

E-mail: vmwareprivacy@vmware.com