Arm Global Privacy Statement
Last updated: January 1, 2023
- Personal Data We Collect
- Device and Usage Data
- Why and How We Use Your Information
- When and How Can Arm Share Your Personal Data
- How Long Do We Retain Your Information For
- Security of Personal Data
- Your Legal Rights
- International Transfer of Personal Data
- Children’s Privacy
- Contact Us
- Filing a Complaint
This Arm Privacy Statement ("Privacy Statement") describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process information relating to individuals ("Personal Data"), and to learn about your rights and choices regarding our processing of your Personal Data. If you are a candidate, please see Arm’s Candidate Privacy Notice.
A reference to “Arm”, “we,” “us” or the “Company” is a reference to Arm Limited of 110 Fulbourn Road, Cambridge CB1 9NJ, UK.
Arm is the controller of your Personal Data as described in this Privacy Statement.
For the avoidance of doubt, this Privacy Statement does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers, including where we offer to our customers various cloud products and services.
Types of Processing Activities
This Privacy Statement applies to the processing of Personal Data collected by us when you:
- Visit our websites that display or link to this Privacy Statement;
- Visit our branded social media pages;
- Visit our offices;
- Receive communications from us, including emails, phone calls, texts or fax; or
- Register for, attend and/or otherwise take part in our events, webinars or contests.
Personal Data We Collect
1. Directly from you
The Personal Data that we collect directly from you includes the following:
- If you express an interest in obtaining additional information about our services, use our "Contact Us" or similar features, register to use our websites, sign up for an event, contest, or download certain content, we will require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
- If you attend an event where we scan your attendee badge, we will collect from your attendee badge information such as name, title, company name, address, country, phone number and email address;
- If you use and interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies (please see the "Device and Usage Data" section below for more information);
- If you use and interact with our services, we automatically collect information about your device and your usage of our services, through log files and other technologies, some of which may qualify as Personal Data (please see the "Device and Usage Data” section below for more information); and
- If you visit our offices, you will be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.
If you provide us with any Personal Data relating to other individuals, you must explain to those individuals that their Personal Data will be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or if you otherwise wish to exercise your rights relating to your Personal Data, please contact us by using the information set out in the “Contact Us” section below.
2. From other sources
We also collect information about you from other sources and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including professional contact details, employment-related information (such as job titles) and device / location-related information (such as IP addresses) for purposes of targeted advertising, delivering relevant email content, event promotion and profiling.
We obtain information through partners, vendors, suppliers and other third parties. These enterprises largely fall into the following categories: partners, hosts or vendors at events or trade shows, research partners and enterprises that deploy the Arm technology or third-party offerings that include Arm technology. We might also obtain information through a partner as part of our business operations. This kind of data is used for work such as improving algorithms and data models, product testing and improvement, enhancing existing products and developing new capabilities and features.
Device and Usage Data
We gather certain information automatically in connection with the use of our website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage.
In addition, we gather certain information automatically as part of your use of the cloud products and services. This information may include the information described in the preceding paragraph.
This device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual (e.g., by means of an obvious identifier, such as a name) for security purposes or as required as part of our provision of the services to our customers (where we act as a processor). In any event, device and usage data will constitute your Personal Data.
Why and How We Use Your Information
We collect and process your Personal Data for the purposes and on the legal bases identified in the following:
- Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites and services, creating aggregated, non-Personal Data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;
- Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
- Handling contact and user support requests: If you fill out a “Contact Me” web form or request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you;
- Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you;
- Managing contests or promotions: If you register for a contest or promotion, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data;
- Developing and improving our websites and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for our legitimate interest in developing and improving our websites and services and providing our users with more relevant content and service offerings, or where we seek your valid consent;
- Assessing and improving user experience: We process device and usage data as described above, which in some cases may constitute Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;
- Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
- Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure that we are meeting the demands of our customers and their users’ experiences;
- Registering office visitors: We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent that such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access;
- Sending marketing communications: We process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the "Your legal rights" section below to learn how you can control the processing of your Personal Data by Arm for marketing purposes); and
- Complying with legal obligations: We process your Personal Data when cooperating with public and governmental authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent the processing or disclosure of Personal Data to protect our rights is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered or will enter into with you, and you fail to provide the required Personal Data when requested, we may be unable to perform our contract with you.
When and How Can Arm Share Your Personal Data?
Sharing with third parties
We share information with the following third parties:
- Third party service providers (for example advertising and event / marketing services, information technology, product delivery, website hosting, data analysis, IT services, auditing, payment processing or customer service and other service providers) in order for these third parties to provide services on behalf of Arm.
- As required by law, to comply with a legal obligation, in connection with a request from a public or governmental authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical, and where we are legally permitted to do so, we will tell you in advance of such disclosure.
- Relevant third parties as part of a contemplated or actual corporate transaction such as a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- With third parties that are not suppliers or vendors but are working with us to offer certain opportunities such as sweepstakes, contests, and similar promotions, to enable joint products or research studies, or to facilitate services like message boards, blogs or other shared platforms. In these cases, additional terms or privacy notices will be provided where required.
Sharing within Arm
We share your information across the Arm corporate group in order to provide, maintain and develop our products and services. Arm employees will only access the information to the extent necessary to achieve the particular purpose(s) and perform their job.
We also share information that is not Personal Data, such as anonymized or aggregated information, for purposes such as analysis, identifying trends in the areas of our products and to help research and develop new Arm services.
Data Aggregation and Analytics
We collate your Personal Data which you provide to us or we collect and use it anonymously for analytics, benchmarking and to effectively monitor our website and improve your user experience.
How Long Do We Retain Your Information For?
We retain Personal Data for the period necessary to:
- Provide requested Arm services, as needed to comply with legal obligations (e.g., maintaining opt-out lists to fulfill advertising and marketing choices or to comply mandatory record retention or legal hold requirements), as agreed in an individual consent; and
- to resolve disputes, and to otherwise fulfill the purposes, rights and obligations outlined in this Privacy Statement.
Retention periods can vary significantly based on the type of information and how it is used and our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our Arm intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When Personal Data is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.
Security of Personal Data
We take all reasonable and appropriate steps to protect your Personal Data to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. Our technical and organisational safeguards include physical access controls, systems and data access controls, encryption, internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. We also contractually require our business partners and suppliers to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Your Legal Rights
If you are located in a European Union Member State and certain other countries, you have the following additional rights:
Access and / or have your information provided to you
You can request a copy of the Personal Data we are processing about you.
Change or correct
You can ask us to change, fix or update information about you (for example, if it is incomplete or inaccurate).
You can ask us to delete Personal Data about you.
Restrict or limit use
You have the right to restrict our processing (i.e., stop any active processing) of your Personal Data (for example, if the information about you is inaccurate).
In certain circumstances, you have the right to obtain Personal Data we hold about you in a structured, electronic format, and to transmit such data to another data controller.
You have the right to object to Arm using your Personal Data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). See below for information about how to unsubscribe to direct marketing.
You can withdraw your consent, including for marketing messages that you receive from us.
Please note that these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority as described below.
Make a Data Subject Access Request
Your California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit the CCPA Privacy Statement.
International Transfer of Personal Data
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties disclosed above, that are based in other countries.
Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (EEA). We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
We will not knowingly collect Personal Data from children under the age of 13 years. On occasion Arm does run campaigns to encourage the use of technology for children under the age of 13. Such campaigns are strictly for educational purposes only. Any information collected by Arm of participating children under the age of 13 is done with the consent of the parent or legal guardian and the data collected is strictly segregated and deleted immediately after the end of any such campaign.
We may modify this Privacy Statement at any time. If we make changes to this Privacy Statement, then we will post an updated version of this Privacy Statement on our website. We will specifically notify you by email or through a notice on our website homepage about any material changes to this Privacy Statement.
If you believe we have used your Personal Data in a way that is not consistent with this Privacy Statement or your choices, or if you have any questions or comments about this Privacy Statement, please contact the Arm Global Privacy Office at by emailing here: privacy[at]arm[dot]com. Any request will be evaluated and completed in accordance with applicable data protection law, including verification of the requestor’s identity.
Alternatively, please contact us at the following address:
Global Privacy Office
110 Fulbourn Road
Filing a Complaint
If you have a complaint about this Privacy Statement or any element of how we use your Personal Data, then please contact us first. If you are not satisfied and are located in a European Union country, then please contact your local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the Information Commissioner’s Office at the following address:
Information Commissioner’s Office
Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).
If you are based in, or the issue you would to complain about took place elsewhere in the EEA, please visit this website (https://edpb.europa.eu/about-edpb/about-edpb/members_en) for a list of local data protection authorities in other EEA countries.
Last updated: January 1, 2023, SP-LES-PRE-20809 Version: 1.09
Copyright © 2023 Arm Limited (or its affiliates). All rights reserved.