Veeam Privacy Notice

Veeam is a global leader in data management and data protection solutions across the globe, offering a variety of data backup and replication software products. We operate in over 160 countries and have offices in over 35 countries worldwide. 

In accordance with applicable privacy laws, depending on your activity and/or the Veeam product(s) you use, Veeam Software Group GmbH, Veeam VaaS Corporation, or Veeam Software Corporation may be the “Data Controller” for Personal Information collected that is subject to this Privacy Notice.

The address for Veeam Software Group GmbH is: Lindenstrasse 16, Baar, CH-6340, Switzerland. The address for Veeam VaaS Corporation and Veeam Software Corporation is: 3000 Carillon Point Kirkland, Seattle, WA 98033, USA.

Additionally, you can email us with any questions about this Privacy Notice at privacy@veeam.com.

This Privacy Notice applies to Personal Information (as defined below) that we may collect through the following:

• Our website, www.veeam.com, including any subdomains or affiliated websites that connect to this Privacy Notice, as well as any other Veeam-branded digital properties;
• Interactions with current and prospective customers, including, for example, free product downloads, requests for marketing materials or other product information;
• Professional events, industry conferences, including events hosted or sponsored by Veeam; and
• Third-party websites and platforms where your contact information or other Personal Information is public and available to other users.

Note: This Privacy Notice does not apply to Personal Information Veeam may collect as part of its employee recruitment process. For more information about the Personal Information we collect as part of that process and how we use, share, and secure that information, please visit Veeam’s Recruiting Privacy Notice.

We use the Personal Information we collect for the following purposes:

• To Provide Requested Information or Materials, or Register You for Events, Programs, or Conferences. For example, we may use Personal Information to deliver materials requested about a specific product, to answer a question asked about how a product works, to deliver a requested product download or license keys for product licenses purchased, or to register you for a Veeam conference or event you have registered to attend.
• To Market Our Products and Services. For example, we may use Personal Information to provide marketing and promotional information about products and services that Veeam offers. Information you have provided to third parties may be combined with information we already have about you and may be used to create more tailored advertising and products. For information about how you can optout of receiving marketing communications from us at any time, or withdraw your consent to receive such communications, see the section titled “Your Data Privacy Rights.”
• For Business Analytics. For example, we may use Personal Information to track behavior at the aggregate/anonymous level to identify and understand trends in usage and the various interactions with our websites and marketing content and determining the effectiveness of our marketing.
• For Website Optimization. For example, we may use Personal Information to administer our website and for internal operations of the website, including troubleshooting, data analysis, testing, research, and statistical purposes; to improve user experience; and as a part of our efforts to keep our websites safe and secure.
• To Comply With Our Legal Obligations. For example, we may use Personal Information to identify website visitors, including for account authentication purposes; to carry out our obligations and enforce our rights arising from any agreement to which Veeam is a party; and to respond to valid legal requests for information.
• Performance of a Contract. To send you information you have requested and/or to perform the service which you have requested of Veeam.
• Fraud Prevention. For example, we may use Personal Information to prevent, protect against, investigate, or prosecute any fraud, abuse, or other misuse or illegal activity using our products or services.
• Legal Claims. We may use Personal Information to establish or preserve a legal claim or defense against a legal claim.
• Other Purposes Related to Your Interactions With Veeam. For example, we may use Personal Information to register you for an event, offer you the opportunity to participate in contests or promotions, to provide you with contest prizes or promotional materials (subject to any terms and conditions related to such contest or promotion), to create an account for you on our websites, to provide customer service (if you are a customer), to respond to a specific question, or to register you for courses or certifications that Veeam or its partners may offer.

Veeam will only collect, use, or share Personal Information for the purposes disclosed to you in this Privacy Notice.

Note that some of Veeam’s websites contain interactive elements, such as discussion forums and blogs that allow individual users to publish their own content, which will then be made available to other users. Any information posted on these blogs and forums becomes public, which means it could be read, collected or used by other users in any manner.

Veeam may share Personal Information with our worldwide partners (e.g. marketing, education, distribution, and reseller partners, online marketplaces, data centers and other service providers to or for Veeam) to perform one or more of the functions or purposes outlined above on Veeam’s behalf.

Specifically, we may disclose Personal Information that we collect or that you provide to us in the following circumstances:

• To our partners, service providers and other third parties with whom we share Personal Information to support our efforts to provide the services and products we offer (e.g. to analyze data, host data, provide customer support, teach courses related to our products, and deliver online and offline marketing communications).
• As required by law, such as to comply with any court order, subpoena or other law or legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
• To related Veeam entities, for customer support, marketing, technical operations, and account management purposes.
• To a buyer or other successor in the event of a merger, sale or transfer of some or all of Veeam’s assets.
• Veeam also may share Personal Information with certain business partners, such as event and conference co-sponsors, to carry out transactions you request, or so that our partners may provide you with information about their products and services, or for research or analysis related to any event or conference for which you have registered, or where the business partner has a legal basis to do so.

Third parties with whom we share Personal Information are bound by all relevant and applicable data privacy laws and/or terms of confidentiality.

We do not use your personal data for the purposes of automated decision-making.

Veeam’s websites, advertisements, emails, and online services may use certain automatic data collection technologies, such as cookies, web beacons, and pixel tags, to collect data, including personal information. This data helps us to understand our users’ behavior, web searches, and where on our websites users have visited. We use cookies to distinguish amongst different users of our website, to help us provide you with a good experience when you browse our websites, and to allow us to improve our websites.

For more information about how Veeam uses Cookies and similar technologies, please visit our Cookie Notice.

Veeam software allows an end-user to use Google Mail as an alternative SMTP server to send email alerts and notifications to Veeam. In this event, Veeam software may use Google OAuth 2.0, which makes API authorization by an end-user possible without Veeam receiving end-user access data (for example, by the end-user entering his Google credentials directly into the Google authorization form). Relevant information, including the primary email address and access token are stored locally within the Veeam software installation folder on the end-user premises.

Information on the data collected by Google and how Google handles it can be found in Google's privacy policy: https://policies.google.com/technologies/partner-sites 

Veeam is a global company, and we collect personal information from individuals all over the world. We strive to comply with all applicable privacy and data security laws around the globe, including GDPR, the California Consumer Privacy Act (“CCPA”), and other applicable laws. We offer a number of tools to help maximize your control over the information Veeam may have about you.

If you have consented to receive communications, you can manage what information you receive from Veeam about products and services and how such information is received by specifying your communication preferences and subscription details at the subscription preferences page.

If you provided consent, but later wish to discontinue receiving marketing and/or non-transactional e-mails from us, you may do so in the “My Account” section of our website or using an "unsubscribe" link in any email or the Veeam unsubscribe page. Note that this does not apply to transactional emails related to users’ business relationship with Veeam.

In the event you choose not to provide certain Personal Information, we may not be able to respond completely or adequately to your questions, provide updates, and/or information about our products and services. We will however continue to use your Personal Information for the limited purpose of sending you important notices relating to information about your purchases, changes to our policies and agreements, or for other reasons permitted by applicable law.

You may have certain rights you can exercise under certain circumstances regarding your personal data. These may include:

• Right of Access/Right to Know/Right to Data Portability: You have the right to request that Veeam disclose to you the Personal Information we collect, use, or share about you, as well as information about our data privacy practices.
• Right of Erasure/Deletion: You may have the right to request that we delete the Personal Information that we have collected from you or about you.
• Right to Object: You may have the right to object to, or opt-out of, certain processing Veeam undertakes with your Personal Information.
• Right to Rectification: You may have the right to correct any incomplete or inaccurate Personal Information Veeam may hold about you.
• Right to Non-Discrimination: Veeam will not discriminate against you for exercising any of these rights.
• Right to Lodge a Complaint: Under GDPR to lodge a complaint with an appropriate data protection authority if you have concerns about how we process your Personal Information. Veeam does not “sell” your Personal Information.

Some of these rights can be exercised on the subscription preferences page. For example, you can correct certain of the Personal Information we have about you, you can withdraw consent for or object to certain processing, and you can restrict certain processing.

For any other requests to exercise your privacy rights, please email us at privacy@veeam.com or send us your request by filling in this form.

This section describes how we collect, use and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CPRA”) and the rights these users may have with respect to their Personal Information.

For purposes of this section, the term “Personal Information” has the meaning given in the CPRA and does not include information exempted from the scope of the CPRA.

This section does not apply to our collection, use, and sharing of Personal Information of our job applicants and employees.  We provide a different privacy notice to such individuals, and that notice applies to such individuals instead of this section.

Your California privacy rights. California residents have the rights listed below.  However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
  • The categories of Personal Information that we have collected.
  • The categories of sources from which we collected Personal Information.
  • The business or commercial purpose for collecting and/or selling Personal Information.
  • The categories of third parties with which we share Personal Information.
  • The categories of Personal Information that we sold or disclosed for a business purpose.
  • The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
• Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
• Correction. You can ask us to correct inaccurate Personal Information that we have collected about you.
• Deletion. You can ask us to delete the Personal Information that we have collected from you.
• Opt-out.
  • Opt-out of certain processing of Personal Information for targeted advertising purposes. You can opt-out of certain processing of personal information for targeted advertising purposes. 
  • If you have enabled a legally recognized browser-based opt-out preference signal (such as Global Privacy Control) on your browser, we recognize such preference in accordance and to the extent required by applicable law.  You will need to turn this on for each browser. You can also opt out by engaging with your cookies setting and turning off Social Media and Advertising cookies.
  • Opt-out of profiling/automated decision making. You can opt-out of automated processing or profiling performed on personal information to evaluate, analyze, or predict personal aspects related to a person's economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. 
  • Opt-out of other sales of personal data. You can opt-out of other sales of your Personal Information.
• Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CPRA.  

Exercising your right to information/know, access, correction, and deletion. You may submit requests to exercise your right to information/know, access, correction, or deletion via email to privacy@veeam.com.

Exercising your right to opt-out of the “sale” or “sharing” of your Personal Information. Like many companies, we use services that help deliver targeted ads to you as described above. California law may classify our use of some of these services as “selling” or “sharing” your Personal Information with the advertising partners that provide the services.  You can submit requests to opt-out of certain processing of Personal Information for targeted advertising purposes or other sales of Personal Information via email to privacy@veeam.com.

Verification of identity; authorized agents. We will need to verify your identity in order to process your information/know, access, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law. 

Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465.  If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CPRA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.

Personal Information that we Collect, Use, and Disclose. Please see above for a list of personal information we may collect, use and to which third parties we may disclose such information.

The information provided in this Supplemental European Privacy Statement applies only to individuals in the European Economic Area, United Kingdom, and Switzerland (collectively, “Europe”). If you are based in Europe, this Supplemental European Privacy Statement applies to you in addition to the Privacy Notice above.

References to “personal information” in this Privacy Notice should be understood to include references to “personal data” as defined by the “GDPR” (i.e., the General Data Protection Regulation 2016/679 (“EU GDPR”) and the EU GDPR as it forms part of UK law (“UK GDPR”)). Under the GDPR, personal data is information about an individual, from which that individual is either directly identified or can be identified.  It does not include ‘anonymous data’ (i.e., information where the identity of the relevant individual has been permanently removed and that individual is no longer identified or identifiable).

Veeam is the controller in respect of the personal data covered by this Privacy Notice for the purposes of the GDPR. 

Cookies. With respect to web cookies and other technologies that are not strictly necessary for our provision of online services, Veeam seeks consent from users of online services in Europe based on a separate Cookies Policy.

Legal Basis of Processing.

• In respect of each of the purposes for which we use your personal data, the GDPR requires us to ensure that we have a “legal basis” for that use. Our legal bases for processing your personal information described in this Privacy Policy include:
  • Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). 
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).  

Data Security

Veeam takes the security of Personal Information seriously. To protect Personal Information against accidental or unlawful destruction, loss or alteration, Veeam uses risk-based technical and organizational security measures reasonably designed to prevent any unauthorized disclosure or access. For example, Veeam has implemented strict security controls, intrusion detection software and processes to alert us in the case of a potential or actual intrusion of our information systems.

Storing and Transferring Personal Information

Veeam is a global organization so the information you provide to Veeam may be transferred or accessed by Veeam corporate entities in Switzerland and other countries around the world. No matter where Veeam stores or accesses Personal Information, it is collected, used, shared, and protected in accordance with this Privacy Notice. 

Veeam uses approved Standard Contractual Clauses for the transfer of Personal Information collected in the European Economic Area and Switzerland to third countries.

Veeam also abides by the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies.

Data Retention

We will only retain your personal data for as long as reasonably required for you to use the Sites and/or to provide you with the Services requested, whichever is longer, or until you notify us of your desire to have your personal data deleted unless a longer retention period is required or permitted by law (i.e. for regulatory purposes).

Children’s Privacy

Veeam will not knowingly collect Personal Information from any person that is not a legal adult, as defined by local law, without insisting that they seek prior parental consent, if such consent is required by applicable law. Veeam does not target children in connection with its products, services, and websites. In the event Veeam uses or discloses Personal Information of a person that is not a legal adult, Veeam will seek parental consent pursuant to local laws and regulations in order to protect the person that is not a legal adult. 

Veeam complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Veeam has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Veeam has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

Subject to the following paragraph, we ask that you not send us, and you not disclose (orally or otherwise), any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Sites or otherwise to us.

If you send or disclose any sensitive personal data to us when you submit user generated content to our Sites, we will delete such sensitive personal data from our records. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to our Sites. 

Veeam is only responsible for Veeam’s privacy practices and its websites. Veeam’s website may contain links to third party websites which are for additional information and your convenience. Inclusion of these links on the Veeam website does not signify our endorsement of such third party service providers or their products, content or websites. Veeam does not control those other websites, endorse or make any representation about other websites, and is not responsible for the privacy practices of those other websites. 

In our commitment to innovation and excellence, we may employ Generative AI technologies to enhance the creation, proofreading, refinement, and stylistic improvement of our content. This includes, but is not limited to, marketing materials, knowledge base articles, forum posts, technical documentation, and other forms of written communication. These AI technologies may be used to assist in ensuring the accuracy, grammatical integrity, overall quality, and engaging style of the content we provide to our users and clients. The use of Generative AI aligns with our goal to deliver clear, accurate, engaging, and stylistically polished information across our platforms and interactions.

As with all our processes, the application of Generative AI in content creation, management, and style enhancement is conducted in strict adherence to applicable data privacy laws and regulations and involves a competent human review. We ensure that the use of such technologies respects the privacy and integrity of the data we handle, maintaining our commitment to protecting personal information and upholding our high standards of data security.

As a technology company, our systems will mature and change as will this Privacy Notice. Changes to this Privacy Notice with the most recent revision date will be posted at www.veeam.com. We will take steps to notify you of the material changes to this Privacy Notice by posting the changes here or contacting you by e-mail.

Veeam is committed to responding to reasonable requests to review any of your Personal Information we may have and to amend, correct, or delete any inaccuracies. To have your information amended, corrected, or deleted, or if you have any questions that were not answered in this Privacy Notice, you can email us at privacy@veeam.com.