VMware's Privacy Notices
VMware provides cloud computing and platform-virtualization services, enabling its enterprise customers to securely connect, manage and automate their digital infrastructures. The following Privacy Notices described how personal information may be collected, used, shared to stored by the different teams in VMware.
This notice explains the personal data we collect to manage our business and our relationships with customers, visitors and event attendees.
This notice addresses the personal data we collect about candidates in connection with our employment recruiting efforts.
This notice addresses the information we collect and use in connection with our customers’ deployment of our products and services.
Effective Date: April, Friday 8, 2022
VMWARE GLOBAL PRIVACY NOTICE
VMware, Inc., headquartered in the U.S., and its group companies ("VMware", "we", "us" and "our") are committed to protecting the privacy of individuals who interact with us, such as our website visitors, customers, business partners, leads and prospects, recipients of marketing communications, end users and event attendees ("you" and "your"). This Privacy Notice generally explains the different ways in which VMware collects, uses and shares personal information when:
- You visit, interact with or use any of our websites, social media pages, VMware mobile apps (where linked to this Privacy Notice), online advertisements, marketing or sales communications (our "online Properties");
- You visit, interact with or use any of our offices, events, sales, marketing and other offline activities (our "offline Properties"); and
- You purchase and use VMware products and services (including mobile apps) that have been deployed by one of our business customers, such as your employer (our "Services").
When we mean to refer to any combination of the above, we use the term "Properties".
This Notice does not generally cover the personal information we automatically collect in connection with your use of the VMware Services. For further details regarding the information collected and used by VMware in connection with the provision of the Services, see the VMware Products and Services Notice.
In connection with the provision of specific Properties, VMware may provide additional "just-in-time" disclosures or additional information about our data collection, use and sharing practices. These notices may supplement this Privacy Notice or clarify VMware's privacy practices in the circumstances described or may provide you with additional choices about how VMware processes your data.
If you have any questions about this Privacy Notice, please contact us by completing the Privacy Contact Form.
"Personal information" is information that identifies an individual or relates to an identifiable individual. VMware and third party service providers collect personal information and other information from various sources which generally fall into the following categories:
- Information you provide to us through your interactions with us and your use of the Properties
- Information we automatically collect from you in connection with your use of online Properties (see the VMware Products and Services Notice for information we automatically collect in connection with the Services)
- Information from third party sources and affiliated companies
We may combine information from these different sources for the purposes set forth in this Privacy Notice.
- Information we collect from you
- Information we automatically collect
- Information from third party sources and affiliated companies
We will collect personal information when you voluntarily provide it to us (including to our service providers or other parties who collect it on our behalf). For example, we collect personal information when you order, register for (or to use) or request information about VMware products, services or apps, subscribe to marketing communications, request support, complete surveys, provide in product feedback, or sign up for a VMware event or webinar. We may also collect personal information from you offline, such as when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
The personal information we collect may include contact information (such as your name, address, telephone number or email address), professional information (such as your employer name, address, job title, department or job role), user IDs and passwords, photographs for security purposes, and contact preferences. We also collect information you choose to provide to us when requesting information or completing any 'free text' boxes in our forms (for example, for event sign-up, product feedback or survey requests), or the nature of your request or communication. In addition, we may collect personal information disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials (including third party services and platforms). We also may record our telephone or other communications with you, to the extent permitted by applicable law.
When making a purchase from VMware, we may also collect billing and transactional information.
We automatically collect certain information when you use, access or interact with our online Properties, including our online advertisements or marketing communications. This information does not necessarily reveal your identity directly but may include unique identification numbers and other information about the specific device you are using, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer), your Internet Protocol (IP) address/MAC address/device identifier, device event information (such as crashes, system activity and hardware settings, browser language, the date and time of your request and referral URL), broad geographic location (e.g. country or city-level location) and other technical data that uniquely identifies your browser. We may also collect information about how your device has interacted with our online Properties, such as the pages accessed and other statistical information.
In connection with your organization's deployment of certain Services, VMware may automatically collect information in relation to your use of the Services. See the VMware Products and Services Notice for more information regarding the types of data collected and used in connection with VMware’s provision of the Services.
If you are an individual user of VMware Services and you require more information regarding our data collection practices for Services deployed by your organization, please contact your IT administrator.
From time to time, we may obtain information about you from third party sources unless prohibited by applicable law, such as public databases, resellers and channel partners, marketing partners, social media platforms, event organizers or other publicly available information. We may also obtain information about you from our affiliated companies and, to the extent involved in the sales and marketing of our collective products and services, their appointed partners
Examples of the information we may receive from other sources include: name, address, telephone number, office location, approximate location (based on reverse IP lookup), account information, job role and publicly available employment profile, service and support information, information about your product or service interests or preferences, browsing habits, page-view information from some business partners with which we operate co-branded services or joint offerings, and credit history information from credit bureaus. We may use this information in conjunction with your contact details, professional information and VMware transaction history for the purposes set forth in this Privacy Notice, such as, for example, improving the accuracy of our records, better understanding you and your preferences, providing relevant marketing and support, and detecting and preventing fraud.
VMware uses personal information it collects for the following purposes (unless otherwise restricted by applicable law). For information on how VMware shares personal information, see Part III.
Communicate, Respond to Requests and Engage in/Process Transactions:: VMware may use personal information to communicate with you, respond to your requests or provide information requested by you. VMware may also use personal information, including financial, credit card and payment information, to process your transactions.
Facilitate the Delivery of the Service and Account Administration: VMware may use personal information to provide you with the Services, to manage your account, and to communicate with you about your use of our Services. This may include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes. VMware will also use personal information to facilitate the delivery of the Services and this may include tracking entitlements, verifying compliance, controlling access to the Service, and maintaining the security and operational integrity of the VMware IT infrastructure and our Services. See the VMware Products and Services Notice for details regarding the information VMware collects in connection with your use of the Services and in order to operate the Service.
Facilitate and Evaluate Use of the Online Properties: VMware may use personal information to provide you with the online Properties, to facilitate your use of the online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and personalize and determine content.
Improve our Properties: VMware uses personal information and other data VMware collects from you to better understand our customers, users and website visitors and the way they use and interact with the Properties, including their user experience. VMware uses this information to provide a personalized experience, to implement the preferences you request, to improve quality and reliability, to diagnose issues with and improve the Properties and related user experiences, and to make recommendations.
Improve the Accuracy of our Records: We may use the personal information we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.
Provide Support: VMware uses personal information and other data VMware collects from you, in combination with other data we may have, in order to provide you with support in relation to our Properties.
Post Testimonials: VMware may use personal information to post testimonials on its Online Properties. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated or deleted at any time by sending a request with your name, testimonial location and contact information.
Marketing: VMware will use information it obtains from you, your interactions with VMware over time and across the Properties, and from third party sources to provide you with marketing and promotional communications, to deliver targeted and relevant advertising and marketing to you, to determine the effectiveness of our marketing and promotional campaigns, to better understand you and your preferences, and to position and promote our products and services. Our marketing will be conducted in accordance with your advertising / marketing preferences and as permitted by applicable law.
Security: VMware may use personal information to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.
Quality Control and Training: VMware may use or access personal data for the purposes of quality control related to the Properties and staff training.
Conferences and Events: VMware and our partners may use personal information to communicate with you about our events or our partner events. After the event, VMware may contact you about the event and related products and services, and may share information about your attendance with your company and our conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests your personal information at their conference booths or presentations, your personal information will be handled in accordance with their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.
Provide Online Communities and Blogs: We may use personal information and other information disclosed by you on our message boards, chat features, blogs and other services or platforms to which you are able to post information and materials for the purposes of providing you and our customers with a forum to discuss VMware Properties, responding to your request, providing you with support, improving our Properties or any other purposes set forth in this Privacy Notice. Any information that is disclosed in those forums becomes public information and may therefore appear in public ways, such as through search engines or other publicly available platforms, and may be “crawled” or searched by third parties. It could also be read, collected or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.
Education and Training: If you sign up for a VMware certification course or seminar, VMware will use your personal information to facilitate the delivery of such course or seminar. To the extent your organization has paid for your certification course or seminar, VMware may provide the status of your course or seminar to your organization upon notice to you.
Protect our Employees and Facilities: VMware may use personal information as necessary to protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our sites, you may be photographed or videotaped as part of maintaining the security of such sites.
Other Legitimate Business Purposes: We may use your personal information when it is necessary for other legitimate purposes such as protecting VMware's confidential and proprietary information.
We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.
- Service providers: We may share your information with third parties, such as vendors, consultants, agents and other service providers who work on our behalf. Examples include vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis and insight, hosting, technical support and customer service. Unless described in this Privacy Notice or one of our other privacy notices, we do not share, sell, rent, or trade any of your personal information with third parties for their own promotional purposes.
- Business partners: We may provide your information to our channel partners, such as distributors and resellers, and to other business partners, to fulfil product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information about VMware and its products and services. From time to time, VMware may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly-offered product, promotion or service, we may share relevant personal information with those partners.
You should note that VMware does not control our business partners’ use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
- VMware affiliates: We may share your information with our parent companies, subsidiaries and/or affiliates. This information may be shared and used to provide services and support, provide recommendations to optimize product and service use, to provide customers and prospective customers with information about the range of available products and services, and for the purposes otherwise described in this Privacy Notice.
- Vital interests: We may disclose information to any party where we believe it necessary in order to protect the vital interests of any person.
- Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party: We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
- Business transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.
- With your consent: We may disclose your personal information for any other purpose with your consent.
Personal information, including personal information collected in the European Economic Area ("EEA"), the United Kingdom or Switzerland, may be transferred, stored and processed by us and our services providers, partners and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country, for example to Canada, The Philippines, Singapore, India, Australia and Israel. Some of these countries are not deemed 'adequate' by the European Commission. We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. These steps include implementing the European Commission's Standard Contractual Clauses for transfers of personal information from our group companies in the EEA, the United Kingdom and Switzerland to our other group companies. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our service providers, partners and affiliates. In relation to VMware’s role as a processor of customer content, our Binding Corporate Rules will apply to any transfers of personal information.
Our subsidiary Lastline, Inc.adheres to the US-EU and US-Swiss Privacy Shield Framework regarding the collection, use, and retention of personal information from individuals in the European Union member countries and Switzerland. LastlineInc. has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Privacy Principles shall govern. To learn more about the Privacy Shield program, and to view Lastline, Inc.’s certification page, please visit https://www.privacyshield.gov. Please note that Lastline Inc. has been assessed and verified by a third party verification agent. https://privacy.truste.com/privacy-seal/validation?rid=97c89c43-2c5d-4400-b4ec-1ecb8d45f6a7
Lastline, Inc. is responsible for the processing of personal information they receive under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Lastline, Inc. complies with the Privacy Shield Principles for all onward transfers of personal information from the European Union and Switzerland, including the onward transfer liability provisions. With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, Lastline, Inc is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Lastline, Inc. commits to endeavor to promptly resolve complaints about privacy and collection or use of personal information (See ‘How To Contact Us” for contact details). If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. With regard to unresolved Privacy Shield complaints concerning human resources data transferred from the European Union in the context of the employment relationship, Lastline Inc. has further committed to cooperate with the panel established by the European Union data protection authorities (DPAs). For complaints involving human resources data transferred from Switzerland in the context of the employment relationship, Lastline, Inc. has committed to cooperate with Swiss Federal Data Protection and Information Commissioner (“FDPIC”).
Under certain conditions, more fully described on the Privacy Shield website here https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
VMware maintains (and requires its service providers to maintain) appropriate organizational and technical measures designed to protect the security and confidentiality of any personal information we process. For example, VMware employs physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. VMware staff who may have access to personal information are required to keep that information confidential. However, no security procedures or protocols are ever guaranteed to be 100% secure and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies to protect yourself online.
Right to Correct or Update Your Information: If you would like to correct or update personal information that you have provided to us, please logon to myvmware.com and update your profile.
Marketing Communications: You can opt-out of receiving marketing communications from VMware by going to the VMware Subscription Center and unsubscribing. You can opt-out of receiving marketing communications from Carbon Black by going to the Carbon Black Preference Center and unsubscribing.
You can also opt out by clicking "unsubscribe" in any marketing email communications we send you, or by completing the Privacy Contact Form.
Additional Rights for Certain Territories: If you reside in certain territories (such as the European Economic Area), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion.
- Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain personal information. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
- Right of access and/or portability: You may have the right to access the personal information that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or 'port' that data to another provider.
- Right of erasure: In certain circumstances, you may have the right to the erasure of personal information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
- Right to object to processing: You may have the right to request that VMware stop processing your personal information and/or to stop sending you marketing communications.
- Right to rectification: You may have the right to require us to correct any inaccurate or incomplete personal information.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
- Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
If you would like to exercise any of the above rights, please complete the Privacy Contact Form so we may consider your request under applicable law To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You may have additional privacy rights if you are a California Residents, see our ‘Your California Privacy Rights’ notice for more information.
Rights and Choices where VMware acts as a Processor: Certain VMware Services may be used by our customers to collect personal information about you. In such cases, we are processing such personal information purely on behalf of our customers and any individuals who seek to exercise their rights should first direct their query to our customer (the controller).
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it and the purposes for which it is used.
However, we will normally collect personal information from you only, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some very rare cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time, or upon request, what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "How to contact us" heading below.
How Long we Retain Your Information: We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). You can request deletion of your personal information at any time (see "Your Privacy Rights and Choices" section for further information) and we will consider your request in accordance with applicable laws.
When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Children: Our Properties are not directed to individuals under the age of 16. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with personal information, please contact us by completing the Privacy Contact Form. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete such information.
Automated Decision-making: We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. If you are to be subject to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.
Do Not Track: Some Internet browsers - like Internet Explorer, Firefox, and Safari - include the ability to transmit "Do Not Track" or "DNT" signals. Since uniform standards for "DNT" signals have not been adopted, our online Properties do not currently process or respond to "DNT" signals. VMware takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard. To learn more about "DNT", please visit "All About Do Not Track".
Changes to this Privacy Notice: VMware will review and update this Privacy Notice periodically in response to changing legal, technical and business developments. When we update this Privacy Notice we will note the date of its most recent revision above. If we make material changes to this Privacy Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Privacy Notice frequently to be informed of how VMware is protecting your information.
If you have any questions or concerns regarding this Privacy Notice, you may write to us by completing the Privacy Contact Form or by mail to: Office of the General Counsel of VMware, Inc., 3401 Hillview Ave, Palo Alto, California, 94304, USA.