Arm Global Privacy Statement

Introduction

This Arm Privacy Statement ("Privacy Statement") describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process information relating to individuals ("Personal Data"), and to learn about your rights and choices regarding our processing of your Personal Data.

A reference to “Arm”, “we,” “us” or the “Company” is a reference to Arm Ltd of 110 Fulbourn Road, Cambridge CB1 9NJ, UK.

Scope

Arm is the controller of your Personal Data as described in this Privacy Statement.

For the avoidance of doubt, this Privacy Statement does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers, including where we offer to our customers various cloud products and services.

Types of Processing Activities

This Privacy Statement applies to the processing of Personal Data collected by us when you:

  • Visit our websites that display or link to this Privacy Statement;
  • Visit our branded social media pages;
  • Visit our offices;
  • Receive communications from us, including emails, phone calls, texts or fax; or
  • Register for, attend and/or otherwise take part in our events, webinars or contests.

Personal Data We Collect

1. Directly From You

The Personal Data that we collect directly from you includes the following:

  • If you express an interest in obtaining additional information about our services, use our "Contact Us" or similar features, register to use our websites, sign up for an event, contest, or download certain content, we will require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
  • If you attend an event where we scan your attendee badge, we will collect from your attendee badge information such as name, title, company name, address, country, phone number and email address;
  • If you use and interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies (please see the "Device and Usage Data" section below for more information);
  • If you use and interact with our services, we automatically collect information about your device and your usage of our services, through log files and other technologies, some of which may qualify as Personal Data (please see the "Device and Usage Data” section below for more information); and
  • If you visit our offices, you will be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.

If you provide us with any Personal Data relating to other individuals, you must explain to those individuals that their Personal Data will be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or if you otherwise wish to exercise your rights relating to your Personal Data, please contact us by using the information set out in the “Contact Us” section below.

2. From Other Sources

We also collect information about you from other sources and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including professional contact details, employment-related information (such as job titles) and device / location-related information (such as IP addresses) for purposes of targeted advertising, delivering relevant email content, event promotion and profiling.

We obtain information through partners, vendors, suppliers and other third parties. These enterprises largely fall into the following categories: partners, hosts or vendors at events or trade shows, research partners and enterprises that deploy the Arm technology or third-party offerings that include Arm technology. We might also obtain information through a partner as part of our business operations. This kind of data is used for work such as improving algorithms and data models, product testing and improvement, enhancing existing products and developing new capabilities and features.

Device and Usage Data

We use common information-gathering tools, such as cookies, web beacons and similar technologies, to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent to you.

We gather certain information automatically in connection with the use of our website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage.

In addition, we gather certain information automatically as part of your use of the cloud products and services. This information may include the information described in the preceding paragraph.

This device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual (e.g., by means of an obvious identifier, such as a name) for security purposes or as required as part of our provision of the services to our customers (where we act as a processor). In any event, device and usage data will constitute your Personal Data.

Why and How We Use Your Information

We collect and process your Personal Data for the purposes and on the legal bases identified in the following:

  • Providing our websites and services: We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfill our obligations under applicable terms of use/service; where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with the content you access and request (e.g., to download content from our websites);
  • Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites and services, creating aggregated, non-Personal Data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;
  • Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
  • Handling contact and user support requests: If you fill out a “Contact Me” web form or request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you;
  • Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;
  • Managing contests or promotions: If you register for a contest or promotion, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data;
  • Developing and improving our websites and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings, or where we seek your valid consent;
  • Assessing and improving user experience: We process device and usage data as described above, which in some cases may constitute Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent; • Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
  • Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
  • Registering office visitors: We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent that such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access;
  • Sending marketing communications: We process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the "Your legal rights" section below to learn how you can control the processing of your Personal Data by Arm for marketing purposes); and
  • Complying with legal obligations: We process your Personal Data when cooperating with public and governmental authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent the processing or disclosure of Personal Data to protect our rights is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.

Where we need to collect and process Personal Data by law, or under a contract we have entered or will enter into with you, and you fail to provide the required Personal Data when requested, we may be unable to perform our contract with you.

When and How Can Arm Share Your Personal Data

Sharing with Third Parties

We share information with the following third parties:

  • Third party service providers (for example advertising and event / marketing services, information technology, product delivery, website hosting, data analysis, IT services, auditing, payment processing or customer service and other service providers) in order for these third parties to provide services on behalf of Arm;
  • As required by law, to comply with a legal obligation, in connection with a request from a public or governmental authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical, and where we are legally permitted to do so, we will tell you in advance of such disclosure.
  • Relevant third parties as part of a contemplated or actual corporate transaction such as a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • With third parties that are not suppliers or vendors but are working with us to offer certain opportunities such as sweepstakes, contests, and similar promotions, to enable joint products or research studies, or to facilitate services like message boards, blogs or other shared platforms. In these cases, additional terms or privacy notices will be provided where required.

Sharing within Arm

We share your information across the Arm corporate group in order to provide, maintain and develop our products and services. Arm employees will only access the information to the extent necessary to achieve the particular purpose(s) and perform their job.

We also share information that is not Personal Data, such as anonymized or aggregated information, for purposes such as analysis, identifying trends in the areas of our products and to help research and develop new Arm services.

Data Aggregation and Analytics

We collate your Personal Data which you provide to us or we collect and use it anonymously for analytics, benchmarking and to effectively monitor our website and improve your user experience.

How Long Do We Retain Your Information

We retain Personal Data for the period necessary to:

  • Provide requested Arm services, as needed to comply with legal obligations (e.g., maintaining opt-out lists to fulfill advertising and marketing choices or to comply mandatory record retention or legal hold requirements), as agreed in an individual consent; and
  • to resolve disputes, and to otherwise fulfill the purposes, rights and obligations outlined in this Privacy Statement.

Retention periods can vary significantly based on the type of information and how it is used and our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our Arm intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When Personal Data is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.

Your Legal Rights

If you are located in a European Union Member State and certain other countries, you have the following additional rights:

Access and / or Have Your Information Provided to You
You can request a copy of the Personal Data we are processing about you.

Change or Correct
You can ask us to change, fix or update information about you (for example, if it is incomplete or inaccurate).

Deletion
You can ask us to delete Personal Data about you.

Restrictor Limit Use
You have the right to restrict our processing (i.e., stop any active processing) of your Personal Data (for example, if the information about you is inaccurate).

Portability
In certain circumstances, you have the right to obtain Personal Data we hold about you in a structured, electronic format, and to transmit such data to another data controller.

Object
You have the right to object to Arm using your Personal Data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). See below for information about how to unsubscribe to direct marketing.

Opt-out
You can withdraw your consent, including for marketing messages that you receive from us.

Please note that these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority as described below.

Make a Data Subject Access Request

International Transfer of Personal Data

Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties disclosed above, that are based in other countries.

Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (EEA). We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).

Children’s Privacy

We will not knowingly collect Personal Data from children under the age of 13 years. On occasion Arm does run campaigns to encourage the use of technology for children under the age of 13. Such campaigns are strictly for educational purposes only. Any information collected by Arm of participating children under the age of 13 is done with the consent of the parent or legal guardian and the data collected is strictly segregated and deleted immediately after the end of any such campaign.

Changes

We may modify this Privacy Statement at any time. If we make changes to this Privacy Statement, then we will post an updated version of this Privacy Statement on our website. We will specifically notify you by [insert e.g., email] about any material changes to this Privacy Statement.

Contact Us

If you believe we have used your Personal Data in a way that is not consistent with this Privacy Statement or your choices, or if you have any questions or comments about this Privacy Statement, please contact the Arm Privacy Office at by emailing here: privacy[at]arm[dot]com. Any request will be evaluated and completed in accordance with applicable data protection law, including verification of the requestor’s identity.
Alternatively, please contact us at the following address:

Privacy Counsel
Arm Limited
110 Fulbourn Road
Cambridge CB1 9NJ

Filing a Complaint

If you have a complaint about this Privacy Statement or any element of how we use your Personal Data, then please contact us first. If you are not satisfied and are located in a European Union country, then please contact your local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the Information Commissioner’s Office at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).

If you are based in, or the issue you would to complain about took place elsewhere in the EEA, please visit this website (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061) for a list of local data protection authorities in other EEA countries.

Last updated: October 2019, SP-LES-PRE-20809 Version: 1.05,

Copyright © 2019 Arm Limited (or its affiliates). All rights reserved.