Arm understands the fundamental importance of privacy, data protection and security.
In this Policy, “personal data” means any information which on its own or combined with other information relates to and identifies (directly or indirectly) a living individual.
This Policy applies to all Arm companies as well as Arm websites, domains, services, applications, and products.
Types of Data We Collect and How
Data you provide
When you interact with us, we collect and process personal data from your online activity, use of devices, products or services.
This data can be used to help you set up an account, deliver products or services to you or improve the way we or our products work with you. This data can include:
- Account information such as your name, title, date of birth, gender, company, profile photo, email address, phone number and payment information.
- Payment information such as your billing address, credit card, debit card or other payment method.
- Other information such as your occupation, employment details, institution details and residential address.
Data we automatically collect
- When you visit an Arm website we automatically collect and store information about your visit using browser cookies (files which are sent by us to your computer) or similar technology which we can access when you visit an Arm website in future.
- Cookies we use
|Company / Provider||Cookie name||Duration||Purpose|
|fbp||90 days||Analytics tracking (via Google Tag Manager)|
|_ga||2 years||Analytics tracking (via Google Tag Manager)|
|_gat||0||Analytics tracking (via Google Tag Manager)|
|_gcl_au||90 days||Analytics tracking (via Google Tag Manager)|
|_gid||12/24hrs||Analytics tracking (via Google Tag Manager)|
|HubSpot||More Info Hubspot|
|HubSpot||_hs_opt_out||13 months||Cookie consent acceptance|
|HubSpot||_hs_do_not_track||13 months||Prevent tracking code|
|HubSpot||_hs_ab_test||0||Serve same version of A/B test page|
|Cloudflare||_cfdruid||30 days||Detect malicious visitors to website|
|HubSpot||_hstc||13 months||Visitor tracking|
|HubSpot||HubSpotutk||13 months||Visitor ID tracking, contains opaque GUID|
|HubSpot||_hssc||30 minutes||Session tracking|
|HubSpot||_hssrc||0||Session tracking new browser|
- Log data. We also log information automatically when you use our services. This information includes IP addresses, login information, device IDs, time stamps, authentication records, location information, carrier service used, signal strength, the origin, destination, type and quantity of traffic passed and other operational data.
How we use Personal Data we collect
Provide, Develop, and Improve our Products and Services
- Deliver, maintain, debug and improve our products and services;
- Enable you to access the Mbed Cloud services and set up an account;
- Host discussions, blogs and information which help deliver an Arm-based design efficiently through collaboration;
- Enable you to access the Arm Community or register on the Arm Education Media’s digital content hub;
- Activate, administer and monitor software tools;
- Provide you with technical and customer support; and
- Enrol in educational courses or training schemes about our products and services.
Build a safe and secure environment
- Provide cloud services and tools to enable you to create and deploy commercial, standards-based IoT solutions;
- Verify or authenticate your identity; and
- Investigate and prevent security incidents such as breaches, attacks and hacks.
Organise and Deliver Advertising and Marketing
- Aggregate your information in an anonymised form to generate usage statistics;
- Display content and advertising, including third-party advertising, that we believe might be of interest to you;
- Send you newsletters and other marketing communications about current and future products, programs and services, events, competitions, surveys and promotions by us or hosted on our behalf; and
- Organise events or register attendees and schedule meetings for events.
Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. We will seek your consent to send you direct marketing.
Process and storage
We store and process data on servers in the European Economic Area (EEA). However, your personal data may also be transferred to and processed in regions including North America, Africa and Asia Pacific. Laws protecting your personal data may be different to the place where you live. We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Policy as well as applicable data protection law. We are in the process of applying for approval of Binding Corporate Rules and, pending approval, we will enter into EU standard contractual clauses (or equivalent measures) with parties outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).
Sharing and Disclosure
We will share your personal data with third parties only in the ways set out in this Policy or at the point when the personal data is collected. We consider your personal data to be a vital part of our relationship with you. We do not sell personal data to third parties, including to third-party advertisers.
We may share your information across the corporate group in order to provide, maintain and develop our products and services. For example, if you are based outside Israel or Finland then we will need to share your personal data with our subsidiaries in these countries in order to provide our Mbed cloud services to you.
We may use or disclose your personal data in order to comply with a legal obligation, to prevent loss of life or injury, or to protect our rights or property. Where practicable, we will tell you in advance of such disclosure.
Service Providers and other third parties
Arm uses a variety of third party service providers, agencies, approved distributors and consultants to help us deliver and improve our products and services. Service providers may be within or located outside the EEA. We may share your personal data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others to maintain and improve our products and services.
We partner with other embedded tool companies and semi-conductor manufacturers to provide you with important or interesting information about products or services that you may find beneficial. We may provide your personal data to these third parties to enable them to provide you with such information.
We may collate your personal data you provide to us or we collect and use it anonymously for benchmarking and to effectively monitor the website and improve your user experience.
We are constantly deploying and updating our technical and organisational security measures to protect against loss, misuse or alteration of personal data that we have collected or received from a third party.
We use industry-standard encryption technologies when transferring and receiving personal data, and network access control technology to limit access to the systems on which personal data is stored, and we monitor for possible vulnerabilities and attacks.
If you become aware that there has been a breach in security of any of the personal data that we store or that is stored by our third-party service providers, please contact us via the instructions provided in the Contact Us section below.
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need personal data, we will remove it from our systems and/or take steps to anonymise it.
You have the following rights (if applicable):
Access. You have the right to request a copy of the personal data we are processing about you.
Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.
Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.
Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge such as where you wish to opt out from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us at firstname.lastname@example.org.
You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to Privacy Counsel of Arm Limited, 110 Fulbourn Road, Cambridge, CB1 9NJ] or email to email@example.com. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
We will not knowingly collect personal data from children under the age of 16 years.
We reserve the right to modify this Policy at any time. If we make changes to this Policy then we will post an updated version of this Policy on our website.
To contact us, please email firstname.lastname@example.org or write to us at:
110 Fulbourn Road
If you have a complaint about any element of your personal data that we hold or this Policy then please contact us at the above address. If you are not satisfied then you have the right to lodge a complaint with the local data protection authority. If you are based in, or the issue relates to, the UK, you can contact the Information Commissioner’s Office at the following address:
Information Commissioner’s Office
Alternatively, you can use an online form via the Information Commissioner’s website (https://ico.org.uk/concerns).
If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), please visit this website (http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061) for a list of local data protection authorities in other EEA countries.
Last updated: 20 February 2019