In this Policy, “personal data” means any information which on its own or combined with other information relates to and identifies (directly or indirectly) a living individual.
This Policy applies to all Arm companies as well as Arm websites, domains, services, applications, and products.
Data you provide
When you interact with us, we collect and process personal data from your online activity, your use of devices, products or services. This data can be used to help you set up an account, deliver products or services to you or improve the way we or our products work with you. This data may include:
Data we automatically collect
We also process information when you use our services. This information includes IP addresses, login information, device IDs, time stamps, authentication records, location information, carrier service used, signal strength, the origin, destination, type and quantity of traffic passed and other operational data.
Data we collect from third parties
We may receive your personal data from third parties such as social network platforms, partners and other sources. This information is not collected by us but by a third party and is subject to the relevant third party’s own separate privacy and data collection policies. We do not have any control or input on how your personal data is handled by third parties so if you have any questions you should contact the relevant third party for further information about your personal data.
We collect and use personal data about you with your consent to provide, maintain, and develop our products and services and understand how to improve them.
Provide, Develop, and Improve our Products and Services
Build a Safe and Secure Environment
Organise and Deliver Advertising and Marketing
Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. We will seek your consent to send you direct marketing.
We store and process data on servers in the European Economic Area (EEA). However, your personal data may also be transferred to and processed in regions including North America, Africa and Asia Pacific. Laws protecting your personal data may be different to the place where you live. We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Policy as well as applicable data protection law. We are in the process of applying for approval of Binding Corporate Rules and, pending approval, we will enter into EU standard contractual clauses (or equivalent measures) with parties outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)
We will share your personal data with third parties only in the ways set out in this Policy or set out at the point when the personal data is collected. We consider your personal data to be a vital part of our relationship with you. We do not sell your personal data to third parties, including to third-party advertisers.
We may share your information across the Arm corporate group in order to provide, maintain and develop our products and services. For example, if you are based outside Israel or Finland then we will need to share your personal data with our subsidiaries in these countries in order to provide our Mbed cloud services to you.
We may use or disclose your personal data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical to do so, we will tell you in advance of such disclosure.
Service Providers and Other Third Parties
We use a variety of third party service providers, independent contractors, agencies, approved distributors and consultants to deliver and help us improve our products and services. Service providers may be within or located outside the EEA. We may share your personal data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others but only to maintain and improve our products and services.
We partner with other embedded tool companies and semi-conductor manufacturers to provide you with important or interesting information about products or services that you may find beneficial. We may provide your personal data to these third parties to enable them to provide you with such information.
Data Aggregation and Analytics
We may collate your personal data you provide to us or we collect and use it anonymously for analytics, benchmarking and to effectively monitor the website and improve your user experience.
We are constantly deploying and updating our technical and organisational security measures to protect against loss, misuse or alteration of personal data that we have collected or received from a third party.
To the extent permitted by law, Arm may review, scan or analyse communications for fraud prevention, investigation, regulatory compliance, risk assessment, research, product development, and customer support purposes.
We use industry-standard encryption technologies when transferring and receiving personal data, and network access control technology to limit access to the systems on which personal data is stored, and we monitor for possible vulnerabilities and attacks.
If you become aware that there has been a breach in security of any of the personal data that we store or that is stored by our third-party service providers, please contact us via the instructions provided in the Contact Us section below.
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need personal data, we will remove it from our systems and / or take steps to anonymise it.
You have the following rights (if applicable):
You have the right to request a copy of the personal data we are processing about you.
You have the right to have incomplete or inaccurate personal data that we process about you rectified.
You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.
You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge such as where you wish to opt out from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us at opt-out[at]arm.com.
You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to Privacy Counsel of Arm Limited, 110 Fulbourn Road, Cambridge, CB1 9NJ or email to privacy[at]arm.com. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
We will not knowingly collect personal data from children under the age of 16 years.
We may modify this Policy at any time. If we make changes to this Policy then we will post an updated version of this Policy on our website.
To contact us, please email privacy[at]arm.com or write to us at:
110 Fulbourn Road
If you have a complaint about this Policy or any element of your personal information that we hold then please contact us at the above address. If you are not satisfied, then you have the right to lodge a complaint with the local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the Information Commissioner’s Office at the following address:
Information Commissioner’s Office
Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).
If you are based in, or the issue you would to complain about took place elsewhere in the EEA, please visit this website (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061) for a list of local data protection authorities in other EEA countries.
Last updated: May 2018, SP-LES-PRE-20809 Version: 0.9,
Copyright © 2018 Arm Limited (or its affiliates). All rights reserved.