VMware uses personal information it collects for the following purposes (unless otherwise restricted by applicable law). For information on how VMware shares personal information, see Part III.

Respond to Requests and Engage in/Process Transactions: VMware may use personal information to respond to your requests or provide information requested by you. VMware may also use personal information, including financial, credit card and payment information, to process your transactions.

Facilitate the Delivery of the Service and Account Administration: VMware may use personal information to provide you with the Services, to manage your account, and to communicate with you about your use of our Services. This may include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes. VMware will also use personal information to facilitate the delivery of the Services and this may include tracking entitlements, verifying compliance, controlling access to the Service, and maintaining the security and operational integrity of the VMware IT infrastructure and our Services. See the VMware Products and Services Notice for details regarding the information VMware collects in connection with your use of the Services and in order to operate the Service.

Facilitate and Evaluate Use of the Online Properties: VMware may use personal information to provide you with the online Properties, to facilitate your use of the online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and determine content.

Improve our Properties: VMware uses personal information and other data VMware collects from you to better understand our customers, users and website visitors and the way they use and interact with the Properties, including their user experience. VMware uses this information to provide a personalized experience, to implement the preferences you request, to improve quality and reliability, to diagnose issues with and improve the Properties and related user experiences, and to make recommendations.

Improve the Accuracy of our Records: We may use the personal information we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.

Provide Support: VMware uses personal information and other data VMware collects from you, in combination with other data we may have, in order to provide you with support in relation to our Properties.

Post Testimonials: VMware may use personal information to post testimonials on its Online Properties. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated or deleted at any time by sending a request with your name, testimonial location and contact information.

Marketing: VMware will use information it obtains from you, your interactions with VMware and the Properties, and from third party sources to provide you with marketing and promotional communications, to deliver targeted and relevant advertising and marketing to you, to determine the effectiveness of our marketing and promotional campaigns, to better understand you and your preferences, and to position and promote our products and services. Our marketing will be conducted in accordance with your advertising / marketing preferences and as permitted by applicable law.

Security: VMware may use personal information to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.

Quality Control and Training: VMware may use or access personal data for the purposes of quality control related to the Properties and staff training.

Third Party Social Networks: VMware may use personal information to interact with you on third party social networks (subject to that network's terms of use).

Conferences and Events: VMware and our partners may use personal information to communicate with you about our events or our partner events. After the event, VMware may contact you about the event and related products and services, and may share information about your attendance with your company and our conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests your personal information at their conference booths or presentations, your personal information will be handled in accordance with their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.

Provide Online Communities and Blogs: We may use personal information and other information disclosed by you on our message boards, chat features, blogs and other services or platforms to which you are able to post information and materials for the purposes of providing you and our customers with a forum to discuss VMware Properties, responding to your request, providing you with support, improving our Properties or any other purposes set forth in this Privacy Notice. Any information that is disclosed in those forums becomes public information and may therefore appear in public ways, such as through search engines or other publicly available platforms, and may be “crawled” or searched by third parties. It could also be read, collected or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.

Education and Training: If you sign up for a VMware certification course or seminar, VMware will use your personal information to facilitate the delivery of such course or seminar. To the extent your organization has paid for your certification course or seminar, VMware may provide the status of your course or seminar to your organization upon notice to you.

Protect our Employees and Facilities: VMware may use personal information as necessary to protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our sites, you may be photographed or videotaped as part of maintaining the security of such sites.

Other Legitimate Business Purposes: We may use your personal information when it is necessary for other legitimate purposes such as protecting VMware's confidential and proprietary information.

We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.

• Service providers: We may share your information with third parties, such as vendors, consultants, agents and other service providers who work on our behalf. Examples include vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis and insight, technical support and customer service. Unless described in this Privacy Notice or one of our other privacy notices, we do not share, sell, rent, or trade any of your personal information with third parties for their own promotional purposes.
  
  
• Business partners: We may provide your information to our channel partners, such as distributors and resellers, to fulfil product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information about VMware and its products and services. From time to time, VMware may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly-offered product, promotion or service, we may share relevant personal information with those partners.
  
  You should note that VMware does not control our business partners’ use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
  
  
• VMware affiliates: We may share your information with our parent companies, subsidiaries and/or affiliates. This information may be shared and used to provide services and support, provide recommendations to optimize product and service use, to provide customers and prospective customers with information about the range of available products and services, and for the purposes otherwise described in this Privacy Notice.
  
  
• Vital interests: We may disclose information to any party where we believe it necessary in order to protect the vital interests of any person.
  
  
• Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party: We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
  
  
• Business transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.
  
  
• With your consent: We may disclose your personal information for any other purpose with your consent.

Personal information, including personal information collected in the European Economic Area ("EEA"), the United Kingdom or Switzerland, may be transferred, stored and processed by us and our services providers, partners and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country, for example to Canada, The Philippines, Singapore, India, Australia and Israel. Some of these countries are not deemed 'adequate' by the European Commission. We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. These steps include implementing the European Commission's Standard Contractual Clauses for transfers of personal information from our group companies in the EEA, the United Kingdom and Switzerland to our other group companies. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our service providers, partners and affiliates. In relation to VMware’s role as a processor of customer content, our Binding Corporate Rules will apply to any transfers of personal information.

Our subsidiary Lastline, Inc.adheres to the US-EU and US-Swiss Privacy Shield Framework regarding the collection, use, and retention of personal information from individuals in the European Union member countries and Switzerland. LastlineInc. has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view Lastline, Inc.’s certification page, please visit https://www.privacyshield.gov. Please note that Lastline Inc. has been assessed and verified by a third party verification agent. https://privacy.truste.com/privacy-seal/validation?rid=97c89c43-2c5d-4400-b4ec-1ecb8d45f6a7

Lastline, Inc. is responsible for the processing of personal information they receive under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Lastline, Inc. complies with the Privacy Shield Principles for all onward transfers of personal information from the European Union and Switzerland, including the onward transfer liability provisions. With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, Lastline, Inc is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Lastline, Inc. commits to endeavor to promptly resolve complaints about privacy and collection or use of personal information (See ‘How To Contact Us” for contact details). If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. With regard to unresolved Privacy Shield complaints concerning human resources data transferred from the European Union in the context of the employment relationship, Lastline Inc. has further committed to cooperate with the panel established by the European Union data protection authorities (DPAs). For complaints involving human resources data transferred from Switzerland in the context of the employment relationship, Lastline, Inc. has committed to cooperate with Swiss Federal Data Protection and Information Commissioner (“FDPIC”).

Under certain conditions, more fully described on the Privacy Shield website here https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

VMware maintains (and requires its service providers to maintain) appropriate organizational and technical measures designed to protect the security and confidentiality of any personal information we process. For example, VMware employs physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. VMware staff who may have access to personal information are required to keep that information confidential. However, no security procedures or protocols are ever guaranteed to be 100% secure and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies to protect yourself online.

Right to Correct or Update Your Information: If you would like to correct or update personal information that you have provided to us, please logon to myvmware.com and update your profile.

Marketing Communications: You can opt-out of receiving marketing communications from VMware by going to the VMware Subscription Center and unsubscribing. You can also opt out by clicking "unsubscribe" in any marketing email communications we send you, or by sending an email to privacy@vmware.com.

Additional Rights for Certain Territories: If you reside in certain territories (such as the European Economic Area), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion.

• Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
• Right of access and/or portability: You may have the right to access the personal information that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or 'port' that data to another provider.
• Right of erasure: In certain circumstances, you may have the right to the erasure of personal information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
• Right to object to processing: You may have the right to request that VMware stop processing your personal information and/or to stop sending you marketing communications.
• Right to rectification: You may have the right to require us to correct any inaccurate or incomplete personal information.
• Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
• Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.

If you would like to exercise any of the above rights, please contact privacy@vmware.com so that we may consider your request under applicable law. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

Rights and Choices where VMware acts as a Processor: Certain VMware Services may be used by our customers to collect personal information about you. In such cases, we are processing such personal information purely on behalf of our customers and any individuals who seek to exercise their rights should first direct their query to our customer (the controller).

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it and the purposes for which it is used.

However, we will normally collect personal information from you only, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some very rare cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time, or upon request, what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "How to contact us" heading below.

How Long we Retain Your Information: We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). You can request deletion of your personal information at any time (see "Your Privacy Rights and Choices" section for further information) and we will consider your request in accordance with applicable laws.

When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Children: Our Properties are not directed to individuals under the age of 16. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with personal information, please contact us by completing the Privacy Contact Form. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete such information.

Automated Decision-making: We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. If you are to be subject to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.

External Links and Social Media Features: Our Properties may provide links to or the ability to connect with third party websites, services, social networks, applications or social media features such as "Share" or "Like" buttons. Visiting those sites or clicking on those links may allow the third party to collect and use information about you. Further, the personal information you choose to give to these third parties is not covered by this Privacy Notice. We encourage you to review the privacy notices and terms of use of such third parties prior to interacting with them or providing them with your personal information to understand how your information may be collected and used. VMware does not control the privacy practices of such third parties, nor do we endorse or make any representations about these third party websites, services, social networks or applications.

Do Not Track: Some Internet browsers - like Internet Explorer, Firefox, and Safari - include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, our online Properties do not currently process or respond to "DNT" signals. VMware takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard. To learn more about "DNT", please visit "All About Do Not Track".

Changes to this Privacy Notice: VMware will review and update this Privacy Notice periodically in response to changing legal, technical and business developments. When we update this Privacy Notice we will note the date of its most recent revision above. If we make material changes to this Privacy Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Privacy Notice frequently to be informed of how VMware is protecting your information.

If you have any questions or concerns regarding this Privacy Notice, you may write to us by completing the Privacy Contact Form or by mail to: Office of the General Counsel of VMware, Inc., 3401 Hillview Ave, Palo Alto, California, 94304, USA.

Alternatively, you may also direct your privacy-related feedback or concerns to the Privacy Grievance Officer whose details are as mentioned below:
Name: Stuart Lee
Title: Chief Privacy Officer
E-mail: privacy@vmware.com