Personal information is used for the following purposes (unless restricted by applicable law):

• Communicate, Respond to Requests and Engage in/Process Transactions. We may use personal information to communicate with you, respond to your requests or provide information requested by you. We may also use personal information, including financial, credit card and payment information, to process your transactions.
• Facilitate the Delivery of the Service and Account Administration. We may use personal information to provide you with Services, manage your account, and communicate with you about your use of our Services. This may include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes. We will also use personal information to facilitate the delivery of Services, including tracking entitlements, verifying compliance, controlling access to the Service, and maintaining the security and operational integrity of our IT infrastructure and our Services. See the VMware Products and Services Notice for details regarding the information We collect in connection with your use of the Services.
• Facilitate and Evaluate Use of the Online Properties. We may use personal information to provide you with our online Properties, facilitate your use of our online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), improve quality, evaluate page response rates and personalize and determine content.
• Improve our Properties. VWe use personal information and other data collected from you to better understand our customers, users and website visitors and the way they use and interact with the Properties, including their user experience. We use this information to provide a personalized experience, implement the preferences you request, improve quality and reliability, diagnose issues with and improve the Properties and related user experiences, and make recommendations.
• Improve the Accuracy of our Records. We may use the personal information we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.
• Provide Support. We use personal information and other data collected from you, in combination with other data we may have, in order to provide you with support in relation to our Properties.
• Post Testimonials. We may use personal information to post testimonials on our online Properties. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated o deleted at any time by submitting a request via our Privacy Contact Form.
• Marketing. We will use information obtained from you, your interactions with us, and from third-party sources to position and promote our products and services, deliver targeted and relevant marketing communications to you, to determine the effectiveness of our marketing and promotional campaigns, improve the contextual relevance of the content we send to you, and to generate lead scoring to determine the interest in our products and services. We may use information obtained from you in an aggregated format to support analytical efforts to better understand our website visitors’ interests and optimize content consumption and to undertake qualification scoring to model audiences.
• Security. We may use personal information to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.
• Quality Control and Training. We may use or access personal information for quality control purposes related to the Properties and staff training.
• Third Party Social Networks. We may use personal information to interact with you on third-party social networks (subject to that network's terms of use).
• Conferences and Events. We may use personal information to communicate with you about our events. After the event, we may contact you about the event and related products and services, may share information about your attendance with your company, and, upon your consent, with our conference sponsors. If a partner or conference sponsor directly requests your personal information at their conference booths or presentations, your personal information will be handled in accordance with their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.
• Provide Online Communities and Blogs. We may use personal information and other information disclosed by you on our message boards, chat features, blogs and other services or platforms to which you are able to post information and materials for the purposes of providing you and our customers with a forum to discuss our Properties, responding to your request, providing you with support, improving our Properties or any other purposes set forth in this Privacy Notice. Any information that is disclosed in those forums becomes public information and may therefore appear in public ways, such as through search engines or other publicly available platforms and may be “crawled” or searched by third parties. It could also be read, collected or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.
• Education and Training. If you sign up for a VMware certification course or seminar, we will use your personal information to facilitate the delivery of such course or seminar. To the extent your organization has paid for your certification course or seminar, we may provide the status of your course or seminar to your organization upon notice to you.
• Protect our Employees and Facilities. We may use personal information as necessary to protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our sites, you may be photographed or videotaped as part of maintaining the security of such sites.
• Employee benefits and contacts We may use personal information of Beneficiaries in case of emergencies involving the employee for which the Beneficiary is the emergency contact, and to administer employment-related benefits.
• Other Legitimate Business Purposes. We may use personal information when it is necessary for other legitimate purposes such as protecting our confidential and proprietary information.

We take care to allow your personal information to be accessed only by those who need access to be able to perform their duties, and to be shared only with third parties who have a legitimate purpose for accessing it. We may share your personal information with third parties as follows:

• Service providers. We may disclose your information with our service providers, such as vendors, consultants, agents and other third parties who work on our behalf. For example, we may need to disclose information to vendors and service providers who provide assistance with marketing, billing, processing credit card payments, data analysis and insight, hosting, employment benefits, technical support and customer service. Unless described in any of our privacy notices, we do not share, sell, rent, or trade any of your personal information with third parties for their own promotional purposes.
• Business partners. We may disclose your information to our channel partners, such as distributors and resellers, and to other business partners, to fulfill product and information requests, to effectively deliver unified support, and to provide customers and prospective customers with information about us and our products and services. From time to time, we may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly offered product, promotion or service, we may share relevant personal information with those partners.

  Note that we do not control our business partners' use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.

• VMware affiliates. We may share your information with our parent companies, subsidiaries and/or affiliates. This information may be shared and used to provide services and support, provide recommendations to optimize product and service use, to provide customers and prospective customers with information about the range of available products and services, and for the purposes otherwise described in this Privacy Notice.
• Vital interests. We may disclose information to any party where we believe it necessary in order to protect the vital interests of any person.
• Compliance with laws or any competent law enforcement body, regulatory body, government agency, court or third party. We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.
• Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.
• With your consent. We may disclose your personal information for any other purpose with your consent.

We offer all individuals, regardless of residency, certain privacy choices. Residents of some territories (such as the European Economic Area or California) are afforded various additional privacy rights by applicable law.

Your choices

• Marketing communications. You may modify how we contact you through email for marketing or promotional purposes. If you don’t want to receive marketing communications from us, you can opt-out at any time by using the VMware Preference Center accessible through Customer Connect or by clicking the “unsubscribe” button included in any marketing communications we send you. You can opt-out of receiving marketing communications from Carbon Black by going to the Carbon Black Preference Center and unsubscribing.


• Correct or update your information. If you would like to correct or update personal information that you provided to us, please logon to customerconnect.vmware.com and update your profile.


• Cookies and targeted advertising. You may opt out of our use of cookies and similar technologies on our online Properties for various purposes such as targeted advertising. To do so, when you visit our online Properties, go to the cookie settings and turn off cookies per your preferences. Please see our Cookie Notice to learn more about cookies

Your rights
Your rights may include:

• Access and portability. You may ask us to confirm whether we are processing your personal information, provide you with details about such processing, and, in some limited circumstances, give you a copy of your personal information.  You may ask us to provide your personal information in a structured, commonly used, machine-readable format, or you can ask to have it ported directly to another data controller.
• Erasure or deletion. You may ask us to delete the personal information that we hold about you.
• Rectification or correction. You may ask us to correct any inaccurate or incomplete personal information that we hold about you.
• Objection to processing. You may request that we stop processing your personal information for specific purposes including marketing and profiling.
• Restriction of processing. You may request that we restrict the processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).
• Appeal. You may have the right to appeal a decision we make regarding the exercise of your privacy rights.
• Lodge a complaint to your local Data Protection Authority. You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
• Automated decision-making. We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions are decisions made automatically based on computer determinations (using software algorithms), without human review. If you are to be subjected to automated decision making, we will make it clear at the time and you have the right to contest the decision, to express your point of view, and to require a human review of the decision.

We maintain (and require our service providers to maintain) appropriate organizational and technical measures designed to protect the security and confidentiality of any personal information we process. These measures include physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. VMware staff who may have access to personal information are required to keep that information confidential. Despite these controls, we cannot completely ensure or warrant the security of your information and encourage you to take steps to protect your information when disclosing personal information online by using readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies.

Personal information, including personal information collected from or about you may be transferred, stored and processed by us and our service providers, partners and affiliates in countries other than where your personal information was collected and other than where you reside, including the United States and other countries whose data protection laws may be different than the laws of your country. We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate steps to protect your personal information in accordance with this Privacy Notice and applicable laws. We have implemented similar appropriate safeguards with our service providers, partners and affiliates.

For transfers of personal information from our group companies in the EEA, the United Kingdom and Switzerland to our other group companies, we have implemented the Standard Contractual Clauses (issued by the European Commission or the UK’s Information Commissioner’s Office). Our Standard Contractual Clauses can be provided upon request. In relation to our role as a processor of customer content, our Binding Corporate Rules will apply to any transfers of personal information.

We will retain personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). Specifically, our retention schedule categorizes records or information by department, content type, retention period, and any supplemental policies (domestic, regional and global) where applicable. Our retention schedule is based on a combination of laws and regulatory requirements, legal guidance, the amount, nature, and sensitivity of the personal information and to maximize operational efficiencies.

When we have no justifiable business need to process your personal information, we will either delete or anonymize it. If deletion or anonymization is not possible (for example, your personal information may be stored in backup archives or for technical reasons), we will securely store your personal information and implement appropriate measures to prevent any further processing until deletion is possible. If we de-identify or anonymize your personal information, we will maintain and use it in de-identified form and not attempt to re-associate the information with you, except to test our de-identification procedures.

If you request deletion of your personal information (see “Your Privacy Choices and Rights” section for further information) we will consider your request in accordance with applicable laws.

California notice. This additional California Privacy Notice sets forth our disclosure obligations under California law and provides further information about privacy rights for California residents.

Canada notice. VMware has appointed Stuart Lee, Chief Privacy Officer, to oversee compliance with this Privacy Notice and applicable privacy laws. For information on VMware’s privacy practices, please contact Mr. Lee by completing the Privacy Contact Form or by mail to: Stuart Lee, Chief Privacy Officer, VMware, Inc., 3401 Hillview Ave, Palo Alto, California, 94304, USA.

China notice. This additional China Privacy Notice sets forth our disclosure obligations under Personal Information Protection Law of the People's Republic of China (“PIPL”).

European Economic Area and UK – legal basis for processing personal information. Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only if we need the personal information to perform a contract with you, the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or we have your consent to do so. In rare cases, we may have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. We may sometimes provide you with additional information about this legal basis at the time this information is collected. See Part II, ‘How We Use Your Information’, for more details regarding the purposes for which we process your personal information. To process your personal information for such purposes, we typically rely on our legitimate interests in providing information and resources to prospective customers in an effective and secure manner; in promoting our products and services; in improving the functionality, adoption, and security of our products and services; in providing support; in facilitating the sale and use of our products and services; in protecting our employees, facilities, and rights; and in providing benefits to our employees. As applicable, we may also rely on your consent, or such processing may be necessary for the performance of a contract.

Children. Our Properties are not directed to individuals under the age of 16. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with personal information, please contact us by completing the Privacy Contact Form. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete such information.

External links and social media features. Our online Properties may provide links to or the ability to connect with third-party websites, services, social networks, applications or social media features such as "Share" or "Like" buttons. Visiting those sites or clicking on those links may allow the third party to collect and use information about you. Further, the personal information you choose to give to these third parties is not covered by this Privacy Notice. We encourage you to review the privacy notices and terms of use of such third parties prior to interacting with them or providing them with your personal information to understand how your information may be collected and used. We do not control the privacy practices of such third parties, nor do we endorse or make any representations about these third-party websites, services, social networks or applications.

Global Privacy Control. Some Internet browsers and browser extensions - like Brave, DuckDuckGo and Privacy Badger - include the ability to transmit “Global Privacy Control” or “GPC” signals. Our online Properties process GPC signals and respond by disabling select cookies. The signal applies only to your device and browser; if you visit our website from a different device or browser, you will need to re-set your GPC settings. To learn more about "GPC" and how to use it, please visit GlobalPrivacyControl.org.

Changes to this Privacy Notice. We will review and update this Privacy Notice periodically in response to changing legal, technical and business developments. When we update this Privacy Notice we will note the date of its most recent revision above. If we make material changes to this Privacy Notice, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

If you have any questions or concerns regarding this Privacy Notice, you may write to us by completing the Privacy Contact Form or by mail to: Office of the General Counsel of VMware, Inc., 3401 Hillview Ave, Palo Alto, California, 94304, USA.