Arm Privacy Policy

Introduction

Arm understands the fundamental importance of privacy, data protection, and security. We take your privacy seriously and are committed to safeguarding your personal data. This Privacy Policy (“Policy”) informs you how Arm Limited, 110 Fulbourn Road, Cambridge, Cambridgeshire, CB1 9NJ, registered number 2557590, and its subsidiaries (collectively “we”, “us” or “our”), collect, process, transfer and protect personal data.

In this Policy, “personal data” means any information which on its own or combined with other information relates to and identifies (directly or indirectly) a living individual.

Scope

This Policy applies to all Arm companies as well as Arm websites, domains, services, applications, and products.  

This Policy does not apply to third-party applications, websites, products, services or social media platforms that may be accessed through links that we provide to you. These sites are owned and operated independently from us, and they have their own separate privacy and data collection practices. Any personal data that you provide to these websites will be governed by the third party’s own privacy policy. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites.

Types of Data We Collect and How We Collect It

Data you provide

When you interact with us, we collect and process personal data from your online activity, your use of devices, products or services. This data can be used to help you set up an account, deliver products or services to you or improve the way we or our products work with you. This data may include:

  • Account information such as your name, title, date of birth, gender, company, profile photo, email address, mailing address and phone number.
  • Payment information such as your billing address, credit card, debit card or other payment method.
  • Other information such as your occupation, employment details, academic institution details and residential address.

Data we automatically collect

When you visit an Arm website we automatically collect and store information about your visit using browser cookies (files which are sent by us to your computer) or similar technology which we can access when you visit an Arm website in future. To read more about cookies and local shared objects, please read our Cookie Policy.

We also process information when you use our services. This information includes IP addresses, login information, device IDs, time stamps, authentication records, location information, carrier service used, signal strength, the origin, destination, type and quantity of traffic passed and other operational data.

Data we collect from third parties

We may receive your personal data from third parties such as social network platforms, partners and other sources. This information is not collected by us but by a third party and is subject to the relevant third party’s own separate privacy and data collection policies. We do not have any control or input on how your personal data is handled by third parties so if you have any questions you should contact the relevant third party for further information about your personal data.  

How We Use Personal Data We Collect

We collect and use personal data about you with your consent to provide, maintain, and develop our products and services and understand how to improve them.

Provide, Develop, and Improve our Products and Services  

  • Deliver, maintain, debug and improve our products and services;
  • Enable you to access Arm services and set up accounts;
  • Provide cloud services and tools to enable you to create and deploy commercial, standards-based IoT solutions;
  • Host discussions, blogs and information to encourage knowledge sharing and effective collaboration;
  • Enable you to access the Arm Community or register on the Arm Education Media’s digital content hub;
  • Activate, administer and monitor software tools;
  • Provide you with technical and customer support; and
  • Allow you to enroll in educational courses or training schemes about our products and services.

Build a Safe and Secure Environment  

  • Verify or authenticate your identity; and
  • Investigate and prevent security incidents such as breaches, attacks and hacks.

Organise and Deliver Advertising and Marketing   

  • Aggregate your information in an anonymised form to generate usage statistics;
  • Display content and advertising, including third-party advertising, that we believe might be of interest to you;
  • Send you newsletters and other marketing communications about current and future products, programs and services, events, competitions, surveys and promotions held by us or hosted on our behalf; and
  • Organise events or register attendees and schedule meetings for events.

Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. We will seek your consent to send you direct marketing.

Process and storage

We store and process data on servers in the European Economic Area (EEA). However, your personal data may also be transferred to and processed in regions including North America, Africa and Asia Pacific. Laws protecting your personal data may be different to the place where you live. We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Policy as well as applicable data protection law. We are in the process of applying for approval of Binding Corporate Rules and, pending approval, we will enter into EU standard contractual clauses (or equivalent measures) with parties outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)

Sharing and Disclosure

We will share your personal data with third parties only in the ways set out in this Policy or set out at the point when the personal data is collected. We consider your personal data to be a vital part of our relationship with you. We do not sell your personal data to third parties, including to third-party advertisers.

Arm Subsidiaries

We may share your information across the Arm corporate group in order to provide, maintain and develop our products and services. For example, if you are based outside Israel or Finland then we will need to share your personal data with our subsidiaries in these countries in order to provide our Mbed cloud services to you.

Legal Requirement

We may use or disclose your personal data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical to do so, we will tell you in advance of such disclosure.

Service Providers and Other Third Parties

We use a variety of third party service providers, independent contractors, agencies, approved distributors and consultants to deliver and help us improve our products and services. Service providers may be within or located outside the EEA. We may share your personal data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others but only to maintain and improve our products and services.

We partner with other embedded tool companies and semi-conductor manufacturers to provide you with important or interesting information about products or services that you may find beneficial. We may provide your personal data to these third parties to enable them to provide you with such information.

Data Aggregation and Analytics

We may collate your personal data you provide to us or we collect and use it anonymously for analytics, benchmarking and to effectively monitor the website and improve your user experience.

Security

We are constantly deploying and updating our technical and organisational security measures to protect against loss, misuse or alteration of personal data that we have collected or received from a third party.

To the extent permitted by law, Arm may review, scan or analyse communications for fraud prevention, investigation, regulatory compliance, risk assessment, research, product development, and customer support purposes.  

We use industry-standard encryption technologies when transferring and receiving personal data, and network access control technology to limit access to the systems on which personal data is stored, and we monitor for possible vulnerabilities and attacks.

If you become aware that there has been a breach in security of any of the personal data that we store or that is stored by our third-party service providers, please contact us via the instructions provided in the Contact Us section below.

Retention

We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need personal data, we will remove it from our systems and / or take steps to anonymise it.

Your rights

You have the following rights (if applicable):

Access

You have the right to request a copy of the personal data we are processing about you.

Rectification

You have the right to have incomplete or inaccurate personal data that we process about you rectified.  

Deletion 

You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims. 

Restriction 

You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.

Portability 

You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.

Objection

Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

Withdrawing Consent

If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge such as where you wish to opt out from marketing messages that you receive from us.  If you wish to withdraw your consent, please contact us at opt-out@arm.com.

You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to Privacy Counsel of Arm Limited, 110 Fulbourn Road, Cambridge, CB1 9NJ or email to privacy@arm.com.  For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.

Children’s Privacy

We will not knowingly collect personal data from children under the age of 16 years.  

Changes

We may modify this Policy at any time. If we make changes to this Policy then we will post an updated version of this Policy on our website.   

Contact Us

To contact us, please email privacy@arm.com or write to us at:

Privacy Counsel
Arm Limited
110 Fulbourn Road
Cambridge
CB1 9NJ

Complaints

If you have a complaint about this Policy or any element of your personal information that we hold then please contact us at the above address. If you are not satisfied, then you have the right to lodge a complaint with the local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the Information Commissioner’s Office at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).

If you are based in, or the issue you would to complain about took place elsewhere in the EEA, please visit this website (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061) for a list of local data protection authorities in other EEA countries.

Last updated: May 2018, SP-LES-PRE-20809 Version: 0.9,

Copyright © 2018 Arm Limited (or its affiliates). All rights reserved.