Privacy Policy

PSA Certified and Arm understand the fundamental importance of privacy, data protection and security.

Skip to content

We take your privacy seriously and are committed to safeguarding your personal data. This Privacy Policy (“Policy”) informs you how Arm Limited, 110 Fulbourn Road, Cambridge, Cambridgeshire, CB1 9NJ, registered number 2557590, and its subsidiaries (collectively “we”, “us” or “our”), collect, process, transfer and protect personal data. For the purposes of applicable data protection law, the data controller is PSA Certified.

In this Policy, “personal data” means any information which on its own or combined with other information relates to and identifies (directly or indirectly) a living individual.


This Policy applies to all PSA Certified websites, domains, services, applications, and products.

It does not apply to third-party applications, websites, products, services or social media platforms that may be accessed through links that we provide to you. These sites are owned and operated independently from us and have their own separate privacy and data collection practices. Any personal data that you provide to these websites will be governed by the terms of the third party’s own privacy policy. We cannot accept liability for the actions or policies of these independent sites and are not responsible for the content or privacy practices of such sites.

Types of Data We Collect and How

Data you provide

When you interact with us, we collect and process personal data from your online activity, use of devices, products or services.

This data can be used to help you set up an account, deliver products or services to you or improve the way we or our products work with you. This data can include:

Data we automatically collect

Company / ProviderCookie nameDurationPurpose
Googlefbp90 daysAnalytics tracking (via Google Tag Manager)
Google_ga2 yearsAnalytics tracking (via Google Tag Manager)
Google_gat0Analytics tracking (via Google Tag Manager)
Google_gcl_au90 daysAnalytics tracking (via Google Tag Manager)
Google_gid12/24hrsAnalytics tracking (via Google Tag Manager)

More Info Hubspot
HubSpot_hs_opt_out13 monthsCookie consent acceptance
HubSpot_hs_do_not_track13 monthsPrevent tracking code
HubSpot_hs_ab_test0Serve same version of A/B test page
Cloudflare_cfdruid30 daysDetect malicious visitors to website
Cloudflare_cfruid0Rate limiting
HubSpot_hstc13 monthsVisitor tracking
HubSpotHubSpotutk13 monthsVisitor ID tracking, contains opaque GUID
HubSpot_hssc30 minutesSession tracking
HubSpot_hssrc0Session tracking new browser

How we use Personal Data we collect

Provide, Develop, and Improve our Products and Services  

Build a safe and secure environment  

Organise and Deliver Advertising and Marketing   

Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. We will seek your consent to send you direct marketing.

Process and storage

We store and process data on servers in the European Economic Area (EEA). However, your personal data may also be transferred to and processed in regions including North America, Africa and Asia Pacific. Laws protecting your personal data may be different to the place where you live. We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Policy as well as applicable data protection law. We are in the process of applying for approval of Binding Corporate Rules and, pending approval, we will enter into EU standard contractual clauses (or equivalent measures) with parties outside the EEA (available here:

Sharing and Disclosure

We will share your personal data with third parties only in the ways set out in this Policy or at the point when the personal data is collected. We consider your personal data to be a vital part of our relationship with you. We do not sell personal data to third parties, including to third-party advertisers.

Legal Requirement

We may use or disclose your personal data in order to comply with a legal obligation, to prevent loss of life or injury, or to protect our rights or property. Where practicable, we will tell you in advance of such disclosure.

Service Providers and other third parties

Arm uses a variety of third-party service providers, agencies, approved distributors and consultants to help us deliver and improve our products and services. Service providers may be within or located outside the EEA. We may share your personal data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others to maintain and improve our products and services.

We partner with other embedded tool companies and semi-conductor manufacturers to provide you with important or interesting information about products or services that you may find beneficial. We may provide your personal data to these third parties to enable them to provide you with such information.

Data Aggregation

We may collate your personal data you provide to us or we collect and use it anonymously for benchmarking and to effectively monitor the website and improve your user experience.


We are constantly deploying and updating our technical and organisational security measures to protect against loss, misuse or alteration of personal data that we have collected or received from a third party.

We use industry-standard encryption technologies when transferring and receiving personal data, and network access control technology to limit access to the systems on which personal data is stored, and we monitor for possible vulnerabilities and attacks.

If you become aware that there has been a breach in security of any of the personal data that we store or that is stored by our third-party service providers, please contact us via the instructions provided in the Contact Us section below.


We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need personal data, we will remove it from our systems and/or take steps to anonymise it.

Your rights

You have the following rights (if applicable):

Access. You have the right to request a copy of the personal data we are processing about you.

Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.

Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.

Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.

Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge such as where you wish to opt out from marketing messages that you receive from us.  If you wish to withdraw your consent, please contact us at

You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to Privacy Counsel of Arm Limited, 110 Fulbourn Road, Cambridge, CB1 9NJ] or email to For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.

Children’s Privacy

We will not knowingly collect personal data from children under the age of 16 years.


We reserve the right to modify this Policy at any time. If we make changes to this Policy then we will post an updated version of this Policy on our website.

Contact Us

To contact us, please email or write to us at:

Privacy Counsel
Arm Limited
110 Fulbourn Road


If you have a complaint about any element of your personal data that we hold, or this Policy then please contact us at the above address. If you are not satisfied, then you have the right to lodge a complaint with the local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the Information Commissioner’s Office at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane

Alternatively, you can use an online form via the Information Commissioner’s website (

If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), please visit this website ( for a list of local data protection authorities in other EEA countries.

Last updated: 3 June 2020