Dun & Bradstreet Privacy Notice

Dun & Bradstreet is the world’s leading source of business information and insight. Since 1841, Dun & Bradstreet has collected information about businesses to deliver products and services that assist our customers in making critical commercial decisions. Our global business database contains more than 330 million business records. Some of the information in the business records may be classified as personal information under various laws such as information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact.)

This privacy notice explains how we collect, share and protect business information.

Updated September 1, 2020

Applicability - Legal Entities and Websites

This Privacy Notice applies to the following Dun & Bradstreet legal entities: Dun & Bradstreet, Inc., Dun & Bradstreet NetProspex, Inc. ("NPX"), Avention, Inc., Hoovers Inc., Dun & Bradstreet Emerging Businesses ("DBEB"), Dun & Bradstreet Government Solutions, Inc., Mad Objectives, Receivables Intelligence, and Orb Intelligence. This Privacy Notice also applies to Lattice Engines, a subsidiary of Dun & Bradstreet whose mission is to create an AI platform that enables companies to engage their buyers with 1-to-1 omni-channel experiences and make B2B marketing as personalized as B2C marketing. These entities and lines of business will be referred to collectively as “Dun & Bradstreet” in this Privacy Notice.

This policy covers the following Dun & Bradstreet websites: dnb.com, DandB.com, accesstocapital.com, products.dandb.com, dandbeducation.com, companyupdate.com, EdAhead.org, education.dandb.com, CreditSignal.com, businesscredit.dnb.com, cart.dnb.com, yourhoovers.com,, https://www.coaction.com/, and https://www.lattice-engines.com/.

These sites may provide links to other U.S. Dun & Bradstreet websites, non-U.S. Dun & Bradstreet websites and non-Dun & Bradstreet websites that may have different privacy notices. We encourage you to carefully read the online privacy notices of these other websites to ensure that you understand their practices and the relevant distinctions.

This Privacy Notice does not apply to Dun & Bradstreet companies based in the European Union or the United Kingdom, or when any Dun & Bradstreet company processes data relating to residents of the European Union under the General Data Protection Regulation (“GDPR”). In such cases please see the EU and UK Privacy Notice. See our section regarding data transfers and Privacy Shield for more information on transfers of data under the GDPR. Our EU and UK Privacy Notice also covers transfers of data relating to residents of the European Union and United Kingdom to the United States pursuant to Dun & Bradstreet’s Privacy Shield certification.

This Privacy Notice does not apply to Market Data Retrieval (MDR), a part of Dun and Bradstreet Inc., and a provider of marketing information and services for the K-12, higher education, library, early childhood, and related education market. View MDR’s online Privacy Notice.

This Privacy Notice does not apply to Dun & Bradstreet legal entities based in the People’s Republic of China, and their collection and sale of such information. In such cases, please see the China Privacy Notice.

If you are a resident of California, please see the section entitled “California Residents” of this Privacy Notice for an overview of your California rights, including your right to make a “Do Not Sell My Personal Information” request.

What Information We Collect

Products and Services

Learn More

Dun & Bradstreet collects information on businesses and business professionals. This includes information we collect offline and online from business owners and principals, from businesses' creditors, vendors, third parties and suppliers, and from public records such as business registrations, Uniform Commercial Code filings and bankruptcy filings. MDR collects information on educational institutions and professionals. Dun & Bradstreet has a right to publish information on businesses that may be a factor in our customers’ decision making involving credit, insurance, marketing and other activities. The business information that we collect includes the following:

Company and business professional information, including business contact information such as name, title, address, phone number, fax number, and e-mail address, domain names, FEIN numbers, trade associations, utility bills, incorporation and tax records and information on minority owned and veteran owned businesses. In the United States we collect a limited amount of non-business personal information on business individuals (such as a personal, non-business email address) to increase the accuracy of our business contact information, but we never publish such information in any of our business products or solutions. In addition, we corroborate and build business contact emails by way of various verification methods and data points;

Detailed company profiles and statistics, including number of employees;

Background information regarding company management, such as beneficial ownership/persons of significant control, the educational and career histories of company principals, adverse media history including but not limited to any history of criminal acts or misconduct;

Company operational histories, including territories, subsidiaries, affiliates, and lines of business;

Detailed trade and business credit information, including payment histories and patterns;

Summary business information regarding profitability, debts, assets, net worth, and business relationships;

Business compliance information from public source government and professional records, media and business publications;

Educational institutional profiles and statistics, including educational subject matter specialties and number of employees;

Background information regarding educational institutional management, such as the educational and career histories of school deans and principals;

Website and online data relating to IP addresses, geolocation, comments on social media are collected and aggregated and used to analyze trends regarding Dun & Bradstreet products and services and to increase accuracy of our business data sets, as well as to assist us in matching IP addresses to business contact information.

Credit/debit card information in order to process certain customer payments.

Other, similar types of data.

As part of our employee hiring and onboarding process, we collect information relating to potential employees’ education, background and work history. This Privacy Notice does not apply to personal information of current Dun & Bradstreet employees.

Website Visitors and Customers

Learn More

Personal Information You Provide Through Websites: includes name, address, telephone number, social media handle, email address, employer, job title. We collect personal information from website visitors and when you purchase products and services through our website, apply for Dun & Bradstreet D-U-N-S^® Number; subscribe to email newsletters and alerts, fill out a form to request additional information; participate in Community Forums; enter a contest; fill out a survey; access video content; receive free incentives.

PLEASE NOTE: Your registration information and/or any information collected by D&B when you visit websites is not included in the D&B professional business contacts database.

Personal Information Collected In The Scope Of Marketing Activities: Your personal information may be collected when you enter contests and participate in other promotions; when we conduct webinars, demand generation campaigns, when we disseminate white papers, e-books or similar content, when you click on landing pages, in the course of Pay-Per-Click campaigns, and similar events and methods.

When you sign up to participate in D&B hosted blogs, tutorials, and social media, we will collect personally identifiable information in order to establish your profile. You may choose to make public certain individual profile elements, in which case that information will be available to visitors and possibly to other users of the Internet. Any information that you submit and post may likewise be available to website visitors and viewable to anyone online. Your blog postings will be associated with your username and your voluntarily created public profile. Violation of our Terms of Use agreement may result in the removal of your post(s) and/or the termination of your membership.

Information Collected Automatically Through Computer Tracking: We also collect information about website visitors such as IP address, browser type, or operating system, areas of the website visited and the website from which a visitor came. We collect and analyze this information for the continued improvement of the Products, Websites, and our business. We routinely use this web log information to administer and improve our website. While some of this information may be traceable to an individual, we only seek to identify individuals (i) whom we believe are using our website for improper purposes, (ii) when necessary to assist them with their user experience, (iii) for marketing purposes, including third party marketing , (iv) or to otherwise use the information as described in this policy.

Dun & Bradstreet analyzes IP addresses of visitors to our websites and match business information from our various databases and received from third parties against the IP addresses to learn more about what types of businesses are visiting our websites and the browsing preferences of such businesses on our websites. We use the information derived from these analytical activities, which may be combined with non-personally identifiable behavioral information received from third parties, to better model and refine our general marketing activities and may, from time to time and to the extent permitted by law, directly market our products and services to these businesses based on the information we have learned about their browsing activities while on our websites. In addition, Hoover’s analyzes IP addresses from Hoover’s products users to match business information from our various databases and received from third parties against users’ IP addresses for our internal analytical purposes which helps us to increase the accuracy of the information in our various business information databases.

Information collected via Mobile Devices: To provide location-based services on the mobile-optimized versions of products, we may collect and use precise location data, including the real-time geographic location of your mobile device or computer. Where available, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your device’s approximate location. Location-based services, such as the mapping features, require collection of your location for the feature to work. You may withdraw consent to its collection, use, transmission, processing and maintenance of location data at any time by not using the products that use location-based features or by turning off Location Services settings (as applicable) on your device and computer.)

Dun & Bradstreet does not respond to Do Not Track Signals.

D&B Email IQ

Personal Information Collected through D&B Email IQ

The D&B Email IQ application helps users have more informed conversations, save time, and better prepare for meetings with seamless access to business intelligence from the Dun & Bradstreet Data Cloud, accessible through the user's email. The application uses innovative technology powered by machine learning and natural language processing to scan the prospects and customers you are interacting with to provide company firmographics, recommendations on additional contacts, and suggestions for similar companies to pursue.

When a user opts in to the installation of D&B Email IQ, the application will access limited data from the emails and calendar invites the user sends and receives in their email environment. The data collected will be limited to email addresses found in the “To” and “From” fields of the emails, as well as the business card information contained in an email signature. The signature of an email may include data elements such as name, job title and department, company name, email address, telephone number, fax number, company address, corporate URL, and social networking URL. Data collected via the application may be incorporated into the Dun & Bradstreet Data Cloud and be used to enhance and improve our products by enabling businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets. Where permitted under applicable law, this information may also be used for sales and marketing purposes. Based on the country of origin of the data subject, we have implemented safeguards to address additional legal obligations so that we are in compliance with applicable laws. In certain instances, the data collected will be used purely for internal compliance with applicable laws, unless further notice or consent requirements have been fulfilled.

Anyone whose data was collected via the D&B Email IQ application may opt out of the use of their data by calling Dun & Bradstreet at 1-800-234-3867 or emailing custservprivacy@dnb.com

For more information on D&B Email IQ, please visit our D&B Email IQ FAQs page.

Our Purpose for Collecting Information

D&B collects personal information so that we can supply commercial data about organizations to other organizations. Our purpose is to enable businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets.

We also collect personal information so that we can license and sell professional business contact information for marketing and data management purposes.

Lattice Engines’ purpose for collecting personal information is to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing.

How Do We Use and Share Information?

Dun & Bradstreet

Dun & Bradstreet uses the information that we collect to operate our websites, offer customers a variety of business information products and services for use in making business credit, risk management, supplier, and marketing decisions, and to carry out transactions that you request or authorize. Dun & Bradstreet also licenses professional business contact information to authorized resellers and third party businesses for marketing and data management purposes.

We may use your professional business contact information to match it with other public and private sources in order to create anonymous segments of information (this is non-personally identifying information, such as demographic, behavioral and technical information, extracted from the underlying Data) for use by Dun & Bradstreet and/or third parties to target advertising messages to you on third party sites and services. Such segments do not reveal or contain your personal information. You may opt-out from certain targeting advertising by following the instructions in the section below entitled "What are your choices regarding Cookies".

Dun & Bradstreet shares information with third party service providers, such as credit card processors, auditors, attorneys, consultants, live help/chat providers and contractors, in order to support Dun & Bradstreet's Internet websites and business operations. Dun & Bradstreet contractually requires that these recipients only use the information for the intended purpose of the disclosure and that they destroy or return the information when it is no longer needed. We may also disclose the information as required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving Dun & Bradstreet assets or businesses.

From time to time, Dun & Bradstreet compiles online and offline transaction and registration information for internal analyses, such as market research, quality assurance, customer experience, and operational benchmarking initiatives. D&B may use IP address information collected from customers for analytical purposes and in some of our products and services.

When necessary or appropriate, we may disclose information in response to a court order, subpoena, law enforcement proceeding, regulatory inquiry or when otherwise legally required. Also, be advised that Dun & Bradstreet sometimes receives requests (e.g., court order, subpoena, law enforcement proceeding,) for personal information from public authorities to meet national security or law enforcement requirements. In responding those requests D&B's response will be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements or (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorizations.

D&B Hoovers

D&B Hoovers maintains a separate professional contacts directory in which your company and individual business contact information may be listed. Hoover's licenses business and professional contact information to authorized resellers and third party businesses for marketing purposes. Aggregated website visitor data may be used to determine usage patterns or interests of visitors to the website and users of our products, or for purposes related to technical support or security of the website, products and computer systems. Usage information, such as number of reports, types of reports and functions accessed by a particular UserID, may be tracked within the products. We do this to monitor authorized usage of the products, respond to questions from the user, for market research, and to improve the design and functionality of the products. We may also aggregate corporate or industry information accessed by all of our customers. We do this in order to appreciate the types of companies and industries for which our customers require information, which in turn improves the quality of the products. We do not correlate the accessed corporate or industry information to a specific user or to a particular organization.

Lattice Engines

We may share your business contact information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your business relevant information only as necessary to provide these services to us.
For example, some services include the following or similar services:

Fulfilling orders and delivering packages
Payment processing
Providing customer service
Sending marketing communications
Web applications, firewalls and other security measures

Cloudflare may have access to application traffic of Lattice Engines public websites and service offerings. This permits Cloudflare to provide Lattice Engines with the services of a web application firewall, providing protection against malicious use and distributed denial of service attacks.

We use Sure Shot and typically, Sure Shot does not have access to the authorized contents of our customer’s business contacts in their licensed use of either the Marketo or Eloqua marketing platforms, although there may be exceptions from time to time.

Collection of Sensitive Personally Identifiable Information

Dun & Bradstreet may collect sensitive personally identifiable information ("SPI") associated with certain customers or customers' clients, such as individuals' Social Security Numbers and dates of birth, in order to provide certain product and service offerings. We will only collect this SPI if it is necessary to fulfill certain product orders and only when voluntarily provided by the customer. We will only use it for the limited, permissible purpose for which it is collected and we will take commercially reasonable steps to adequately secure the information. We may also share this SPI with trusted third parties for the limited, permissible purpose of fulfilling the associated product orders. Additionally, sometimes data subjects will send us sensitive personally identifiable information without our asking. When we become aware of this, we will delete the sensitive personally identifiable information.

Cookies, Web Beacons, Pixel Tags, and GIFs

What are Cookies, Web Beacons, Pixel Tags and GIFs and how are they used?

Learn More

A cookie is a small text file (which typically includes a piece of computer code) that is stored on your computer's hard drive. Cookies are sent by our website (or the website of a company we have a relationship with) to your computer, mobile phone or other device when you visit our website. When you visit a website, that website's computer asks your computer for permission to store this text file in a section of your hard drive that is specifically designated for cookies. Each website can send its own cookie to your browser if your browser's preferences allow it.

A Web beacon is a graphic image, such as a pixel tag or clear GIF, which is placed on a Web page or in an e-mail message to monitor user activity, such as whether the Web page or e-mail message is accessed or clicked. They are also used on many Web pages for alignment purposes.

We sometimes use Web beacons to provide an independent accounting of how many people visit our website or to gather statistics about browser usage on our website. Some of our Web pages and HTML-formatted e-mail newsletters use Web beacons in conjunction with cookies. It is difficult for you to limit the use of Web beacons because there is no easy way to distinguish their use from alignment and other purposes. Web beacons may also be loaded from a different Web server than the rest of the page.

Some of our e-mails may also contain pixels or code to gather information regarding e-mail behavior and for analytics. We may share this information with third parties.

Cookie Uses

Learn More

We use cookies to store login and other information on your computer, which serves to improve our website functionality and tailor our services to your preferences and interests. Cookies also allow us to display personalized content and relevant D&B product or solution-based advertising on your later visits to our site. Other uses include preventing, detecting and investigating potentially prohibited or illegal activities, including enforcing our Terms of Use agreement. For certain services, we offer users the ability to store a user ID or password within a cookie so that they do not need to re-enter it when they subsequently return to our website. Cookies, in conjunction with our Web server's log files, allow us to calculate the aggregate number of people visiting our website and to assess which parts of the site are most popular. This information helps us to constantly improve our website and better serve our customers. Some of our cookies may be tied to personally identifiable information, such as IP address. We do not store credit/debit card numbers in cookies. Cookies may be used to store a unique identification number tied to your computer so that a website can recognize you as the same user across different visits to the website. For more information about the type of information that is collected on website visitors, see our Privacy Policy section on “What Information We collect”

Types of Cookies

Learn More

Some cookies are necessary to make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. Marketing cookies are used to track visitors across websites. The intention is to display content that is relevant and engaging for the individual user.

Some cookies help website owners to understand how visitors interact with websites. Cookies that provide analytics services can collect IP address or other identifiers, browser information, and information about the content that you view. These analytic services help us to know how many users we have, which parts of our sites are most popular, what browsers are used, the country or region where users are located, and the demographics and interests of users.

First and Third-Party Cookies

Learn More

First Party Cookies

Cookies can be First Party Cookies or Third-Party cookies. The difference is which website sends the cookie to your device. First party cookies are sent by, or on behalf of, the company whose website you visit. Third party cookies are sent by any other company. D&B uses first and third-party cookies.

D&B’s first party cookies collect data, such as the date, time, and areas of our website that are visited, as well as the website from which the visitor came. We may use IP addresses to derive certain other information concerning businesses visiting our websites, but we do not analyze this information in a way which would reveal the identity of the individual browsing our websites. When you select one of our products or services, register for a newsletter or e-mail alert, fill out an online form, or complete a survey, we may try to identify your browser and we may combine information from cookies, Web beacons, code and other information collected online with other data that we maintain about you. By improving the features, marketing, and content of our website and by making your online experience more convenient and meaningful, we can better serve our customers' needs.

Third Party Cookies

Some of our business partners, such as third-party advertisers, use cookies that originate from their websites. The third parties with whom we partner provide certain features on our site to display advertising based upon your web browsing activity. In the course of serving advertisements, our third-party advertisers and partners may place or recognize a unique third-party cookie on your browser. These companies may use information about your visits to Dun & Bradstreet’s and other websites to provide advertisements on this site and other sites about goods and services that may be of interest to you. These third-party partners monitor how guests use our website and determine which of our online features they prefer. We may report information to our partners about our customers and the products and services they order, as well as aggregated, non-identifiable information about our guests' use of our website.

Third Party Advertisers

Learn More

We use third party advertising companies to serve our Internet ad banners on our website and other websites on which we advertise. The use of third-party cookies and other tracking technologies is not covered by our privacy policy. We do not have access to or control over any third-party tracking technologies. Third party advertisers may also use a third-party analytics provider to place third party cookies on your browser to collect anonymous and aggregated session data, such as the ads that are viewed. If you view a Web page where our ads appear, the advertising company may place a cookie on your computer or use a Web beacon to access a cookie that they previously placed on your computer. These companies do not collect information that can personally identify you, but they may use information about your visits to our website and other websites to measure the effectiveness of ads. We do not disclose any personally identifiable information to these companies. We share aggregate website usage information with third party advertisers and partners for the purpose of effectively targeting our online advertisements. Unless you are previously notified, these advertising companies do not link any online behavior or cookies with other information that can be used to personally identify you, such as your name, address, telephone number or e-mail address, when working with Dun & Bradstreet.

These third-party advertising networks also track visitors' online usage and behavior patterns. These companies may use information about your visits to Dun & Bradstreet and other websites to provide advertisements on this site and other sites about goods and services that may be of interest to you. The result of these efforts is the creation of an online profile that attempts to predict individual user interests, preferences and purchasing habits. The third-party advertising networks then accordingly customize the advertising content served to users when visiting other websites.

What are your choices regarding Cookies

Learn More

Most Internet browsers allow users to decide whether to accept cookies. The Help function within your browser should tell you how to do this. The website AboutCookies.org contains comprehensive information on how to do this on a wide variety of desktop browsers. You may reset your browser to refuse cookies and still use our website, although website access and functionality may be slower and less convenient.

Regarding Third Party Advertisers, the Network Advertising Initiative (NAI) is a self-regulatory cooperative of online marketing and analytics companies. The NAI provides educational content and opt-out tools to help Internet users learn about and address online behavioral marketing practices. Through the NAI's online options, you may opt out of particular NAI network members' behavioral advertising programs or you may opt out of all NAI network members' programs. Opting out will prevent the given network from which you opted out from using your Web preferences and usage patterns to deliver targeted online ads. The NAI opt-out only works with participating third-party advertising networks that use cookies and Web beacons to execute their advertising initiatives. If you would like additional information about online behavioral marketing and your options regarding these standard Internet practices, please visit the NAI website. Dun & Bradstreet also follows the Self-Regulatory Principles for Online Behavioral Advertising as administered by the Digital Advertising Alliance (DAA). Visit Digital Advertising Alliance WebChoices Browser Check to exercise your option to opt-out of targeted ads provided by certain listed companies.

You Have Choices

Dun & Bradstreet respects your privacy preferences and offers the following ways through which you may control how we contact you and disclose your information.

Dun & Bradstreet E-mail Marketing

Learn More

To opt out of receiving Dun & Bradstreet promotional e-mails, newsletters, and updates about new Dun & Bradstreet features, products and services:

You can manage your notifications and communications at the Communications Preference Center or you may follow the unsubscribe instructions in any of our promotional emails. You can also reach Customer Service at 1-800-234-3867 or send an email to custservprivacy@dnb.com.

You may change your preferences at any time.

Please note that we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Also please note that if you elect to opt-out of receiving promotional e-mails from one of our websites, you may continue to receive promotional emails from our other websites.

Dun & Bradstreet Telemarketing, Texting or Calling

Learn More

To no longer receive telemarketing calls from us or seek to clearly inform Dun & Bradstreet of a desire to revoke consent provided in the below paragraph, you may do this by calling Dun & Bradstreet Customer at 1-800-234-3867 or visiting Dun & Bradstreet Communication Preferences.

By providing your phone number to Dun & Bradstreet, you expressly consented and authorized Dun & Bradstreet to contact you in any lawful manner, including the use of automatic and/or computerized dialing systems, text messages and pre-recorded message and call technologies for any lawful purpose, including marketing Dun & Bradstreet products and third party services. You expressly consent to be contacted through such means at the telephone numbers (including mobile or wireless numbers) you provide to Dun & Bradstreet. You represent and warrant that any mobile or wireless telephone number you provide belongs to you and is associated with a mobile device in your possession. You will notify Dun & Bradstreet if your mobile or wireless telephone number changes. Consent is not a requirement of purchase. Should you have any questions about which addresses, telephone numbers or email addresses you provided to Dun & Bradstreet for the above, please review your account information in your product dashboard or please call Dun & Bradstreet at 1-800-234-3867.

We may continue to call you for transactional or service-related purposes despite your desire to not receive telemarketing calls.

Dun & Bradstreet Direct Mail Marketing

Learn More

To be placed on our company's internal Do Not Mail list should you no longer wish to receive marketing or promotional mailers you may do so by contacting: Dun & Bradstreet Customer Service at 1-800-234-3867 or visiting Dun & Bradstreet Communication Preferences

You may change your preferences at any time.

We may continue to send you transactional or service-related correspondence despite your desire to not receive marketing mailers.

Third Party Marketing

Learn More

Individuals whose contact information is in our professional contacts database may request to be excluded from the professional contacts database, by calling Dun & Bradstreet at 800-234-3867 or emailing custservprivacy@dnb.com

While we may remove your individual business contact information from our professional contacts database, please be aware that we will continue to provide your company's or educational institution’s contact information in our Business Information and Educational Institutional Reports and other products and services. Note that if your professional contact information is in a different third party's marketing directory, you will need to request removal with such third party directly.

Access, Correction, and Deletion

To help ensure data quality and accuracy, Dun & Bradstreet provides businesses organizations and business professionals with access to their business information within the D&B databases and with an opportunity to review such information, correct verified inaccuracies, or delete any personal information within such business information if required by law. Authorized business representatives may request a complimentary copy of their company's business report.

To obtain a copy of your company’s business report or your information or, to correct or update your information:

Dun & Bradstreet Customer Service at 1-800-234-3867 or send an email to custservprivacy@dnb.com

Hoovers/Avention: Customer Support at 1-800-486-8666 or by sending an e-mail to customersupport@hoovers.com

When a business owner or principal contacts Dun & Bradstreet about a potential data error, we promptly investigate the issue, confirm the information in question, correct verified inaccuracies or delete any personal information within such business information if required by law, and respond to the original inquiry. In such a case, we may apply a "stop distribution" order regarding the relevant business report, as well as ancillary products that may be affected by the verified inaccuracy, until the matter is properly resolved. When the investigation is complete, we will also send a correction or deletion notice to businesses or others whom we know to have received the inaccurate data, as appropriate. However, some third parties and third party sites may continue to display inaccurate Data until their databases and display of data are refreshed in accordance with their update schedules.

Data Security

Dun & Bradstreet maintains commercially reasonable security measures to protect personal information against unauthorized access and disclosure and that are consistent with our business operations and generally accepted industry standards. These measures include the implementation of technical, physical and administrative security safeguards. Dun & Bradstreet requires employees to complete privacy and security training. Dun & Bradstreet also implements a third party service provider due diligence program to ensure that our vendors likewise employ adequate data collection, processing, transfer, management and security measures in carrying out their services on our behalf.

We do not necessarily control how you send us your personal information. Therefore, we cannot always ensure or warrant the security of any information that you transmit to us. You agree that you provide this information and engage in such transmissions at your own risk. Once we receive information from you, we will endeavor to maintain its security on our systems. Dun & Bradstreet has established policies and procedures for securely managing information and protecting Data against unauthorized access and we continually assess our data privacy, information management and data security practices. We do this in the following ways:

Establishing policies and procedures for securely managing information and as may be further addressed in our contractual relationship with a customer;
Limiting employee access to sensitive information;
Protecting against unauthorized access to customer data by using data encryption, authentication and virus detection technology, as required;
Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
Monitoring our websites through recognized online privacy and security organizations;
Conducting background checks on employees and providing Data Privacy training to our team members;
Continually assessing our data privacy, information management and data security practices.

Data Retention

Dun & Bradstreet will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact Dun & Bradstreet Customer Service at 1-800-234-3867 or custservprivacy@dnb.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Children

Dun & Bradstreet websites, products and services are for business purposes only. They are not targeted, intended or expected to be of use to children. User provided contributions of content or contact information regarding or about children are expressly prohibited. We do not knowingly collect information on minors under 16 years of age. If we become aware that information we collected may be associated with a minor under 16 years of age, we will delete that information.

Changes to Data Privacy Practices

If we make material changes to our data privacy practices, this policy will be updated and posted on our website in order to keep you informed of how we collect, use, manage, disclose, and protect information. The policy effective date will be updated accordingly.

Your Use of Our Website Is Consent

By using our website, you hereby consent to our collection, use, management, retention, and disclosure of your information as described in this policy.

Sale of Assets

In the event that Dun & Bradstreet is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred.

Transfers of Personal Information from the EU/EEA, the United Kingdom, and Switzerland to the US

Please note that, despite the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework as a mechanism for transfers of personal data between the EU and the U.S. Dun & Bradstreet is currently maintaining our self-certification under the EU-US Privacy Shield Framework and remains committed to protect personal information in accordance with the Privacy Shield Principles which offer meaningful privacy protections for EU individuals. While we will continue our participation in the Privacy Shield Framework, we will at this time only rely on Standard Contractual Clauses to cover the transfer of personal information from the EU to other jurisdictions.

For more information on the U.S. Department of Commerce’s continued administration of the Privacy Shield program, please visit the Privacy Shield website.

Dun & Bradstreet and its legal entities participate in and have certified compliance with the EU-U.S. Privacy Shield Framework and the Swiss U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and/or Switzerland (as applicable) to the United States, respectively, in reliance on Privacy Shield. Dun & Bradstreet is committed to subjecting personal information received from European Union (EU) member countries, the United Kingdom, and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce Privacy Shield website.

Dun & Bradstreet is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Dun & Bradstreet complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

In certain situations, Dun & Bradstreet may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at the TRUSTe Feedback and Resolution System.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

To learn more about the Privacy Shield program, and to view our certification, please visit the Privacy Shielf website.

Dun & Bradstreet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

General Data Protection Regulation (GDPR)

We recognize that some of the information we collect may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc) residing in the European Union. For additional information in relation to the processing of personal data under EU law, and specifically the General Data Protection Regulation 2016/679, please visit our EU and UK Privacy Notice.

Other Data Transfer Mechanisms

Dun & Bradstreet also complies with other various jurisdictional cross border transfer requirements by using data transfer agreements or other approved mechanisms for global transfers of personal information.

Dispute Resolution

This dispute resolution program covers both offline Data collection (e.g. personal information collected through our call centers or via postal mail) and online Data collection (e.g. personal information collected via the Internet). If you are a citizen of the EU and you have any complaints regarding our compliance with relevant aspects of the Data transfer laws and regulations surrounding Data transfers from the EU you should contact us at: EUDPO@dnb.com.

If you are not a citizen of the EU and you have a question or concern regarding Dun & Bradstreet's data privacy practices, please contact the Chief Privacy Officer at privacyofficer@dnb.com or call the Customer Service center at 1-800-234-3867 or send an email to custservprivacy@dnb.com. We will do our best to resolve any complaints or issues as quickly as possible.

If we cannot resolve your complaints, you may have rights to independent dispute resolution or arbitration under certain circumstances as described below in the sections titled “Independent Dispute Resolution” and “Arbitration.”

Privacy Shield Independent Dispute Resolution

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may invoke binding arbitration under certain circumstances. Please contact our U.S.-based third party dispute resolution provider (free of charge) at the TRUSTe Feedback and Resolution System, and the section below titled “Arbitration.”

Arbitration

In accordance with the Privacy Shield, individuals may invoke binding arbitration as a final recourse for claims that a Privacy Shield organization has violated its obligations under the Principles and the claim is not fully resolved by other Privacy Shield recourse mechanisms. The arbitration will be implemented in accordance with the rules established under the Privacy Shield.

California Residents

Starting January 1, 2020, under the California Consumer Privacy Act (the CCPA) residents of the state of California have the following rights:

You have the “Right to Know” or the “Right to Access Information About Collection, Disclosure and Sale of your Personal Information” over the past 12 months. Refer to the additional details below. Fill out the form to complete your Right to Information about Collection, Disclosure and Sale of your Personal Information request. The information you provide will only be used to fulfill your CCPA request.

Additional Information on "Right to Know"

The “Right to Know” or the “Right to Information About Collection, Disclosure and Sale of your Personal Information” gives you the right to request the following information:

Categories of personal information D&B has collected about you;
Categories of sources from which the personal information was collected;
Categories of your personal information that D&B sold or disclosed for a business purpose;
Categories of third parties to whom the personal information was sold or disclosed for a business purpose;
The business or commercial purpose for collecting or selling personal information; and
The specific pieces of personal information that D&B has about you

You have the Right to Deletion of information you have shared with us, subject to certain exceptions. Refer to the additional details on these exceptions below. Fill out the form to complete your Right to Deletion request. The information you provide will only be used to fulfill your CCPA request.

Additional Information on "Right to Deletion" exceptions

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

You have the Right to Opt Out of the Sale of Your Personal Information, unless such personal information was collected from a government source.

Visit the Communication Preferences to opt out of marketing.
Fill out the form to complete your Right to Opt Out of the Sale of Your Personal Information request. The information you provide will only be used to fulfill your CCPA request.
If you have opted out of the sale of your personal information but would like to Opt Back in, please fill out the CCPA Opt-In form. The information you provide will only be used to fulfill your CCPA request.

You also have a Right Not to be Discriminated Against for exercising your CCPA rights. You do not need to request this right, this a is a right we will always give you in regard to any CCPA rights request.

If you would like to exercise your CCPA rights over the phone, please call us at 1-855-549-8900 and clearly state that you are a resident of the state of California and wish to exercise your CCPA rights. We will ask for additional information to verify your identity.

An authorized agent may make a CCPA request on your behalf. The authorized agent will need to provide the information necessary to confirm your identity, as well as written and signed permission to act on your behalf. An “authorized agent” must also be a natural person or business registered with the Secretary of State in California.

We reserve the right to use a third party to verify your identity and this third party may require additional information for verification purposes. The data you provide will only be used to fulfill your CCPA request.

Please see below for the categories of personal information about California consumers that we have collected, sold and disclosed for a business purpose over the past 12 months.

Additional Information

Categories of Personal Information we have collected, sold and disclosed for a business purpose over the past 12 months (excluding our subsidiary, Lattice Engines)
Category	Examples	Collected, sold and disclosed
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	We may have collected some of these data elements on California Residents.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	We may have collected some of these data elements on California Residents.
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	We may have collected some of these data elements on California Residents.
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	We may have collected some of these data elements on California Residents.
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	We do not collect this type of information.
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	We may have collected some of these data elements on California Residents.
G. Geolocation data.	Physical location or movements.	We may have collected some of these data elements on California Residents.
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	We may have collected some of these data elements on California Residents.
I. Professional or employment-related information.	Current or past job history or performance evaluations.	We may have collected some of these data elements on California Residents.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	We may have collected some of these data elements on California Residents in the course of searching for potential new employees. We do not sell this type of data.
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	We may have collected some of these data elements on California Residents.

Please see below for additional information on how we collect, sell and disclose personal information on California Residents.

Additional Information

The specific pieces of personal information we have collected about California Consumers

Please see the Privacy Notice above under the section "What Information We Collect”

The categories of sources from which the personal information was collected

We collect personal information from the following sources:

Government Sources
Third Party Vendors and Data Providers
Data Subjects
Publicly available websites and news agencies

The business or commercial purpose for collecting personal information

Dun & Bradstreet collects personal information so that we can supply commercial data about organizations to other organizations. Our purpose is to enable businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets.

We also collect personal information so that we can license and sell professional business contact information for marketing and data management purposes.

The categories of third parties to whom we sell personal information

We sell personal information to the following third parties:

Our customers for credit, sales and marketing, supply and compliance decisions and customers who participate in our data exchange programs
Our World Wide Network Partners, which are businesses we partner with across the world
Our strategic partners who incorporate Dun & Bradstreet data into their own solutions

The business or commercial purpose for selling personal information

Please see the Privacy Notice above under the section "Our Purpose for Collecting Information”

The categories of third parties with whom we share personal information

See the “How Do We Use and Share Personal Information” section of our Privacy Notice. For a list of third parties with whom we use to process personal information, see Schedule 1 “Sub-Processors” at www.dnb.co.uk/dpa.

The business or commercial purpose for sharing such personal information

The business or commercial purpose for sharing such personal information is to utilize third parties to help us in our purpose of enabling businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets.

We also share personal information with third parties so that we can license and sell professional business contact information for marketing and data management purposes.

Please see below for the categories of personal information about California consumers that Lattice Engines has collected, sold and disclosed for a business purpose over the past 12 months.

Additional Information

Category	Examples	Collected, sold and disclosed for the Lattice Engines Data Cloud	Collected, sold and disclosed for Atlas, a Lattice Engines product
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	We may have collected some of these data elements on California Residents: Real Name Postal Address	These categories are not collected by Lattice Engines. Some of these categories may be processed in Lattice Engines from the Data Cloud or customer data sources: Name Address Email Telephone
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	We may have collected some of these data elements on California Residents: Name Address Telephone Number	These categories are not collected by Lattice Engines. Some of these categories may be processed in Lattice Engines from the Data Cloud or customer data sources: Name Address Telephone
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	We do not collect this type of information.	We do not collect this type of information.
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	We do not collect this type of information.	These categories are not collected by Lattice Engines. Some of these categories may be processed in Lattice Engines from customer data sources: Products or services purchased Purchase history
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	We do not collect this type of information.	We do not collect this type of information.
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	We do not collect this type of information. For example, receive “intent” data that is built on browse history by webpage topic.	These categories are not collected by Lattice Engines. Some of these categories may be processed by Lattice Engines from customer data sources.
G. Geolocation data.	Physical location or movements.	We may have collected some of these data elements on California Residents. Physical location	We do not collect this type of information.
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	We do not collect this type of information.	We do not collect this type of information.
I. Professional or employment-related information.	Current or past job history or performance evaluations.	We do not collect this type of information.	We do not collect this type of information.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	We do not collect this type of information.	We do not collect this type of information.
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	We do not collect this type of information.	We do not collect this type of information.

Please see below for additional information on how Lattice Engines collects, sells and discloses personal information on California Residents:

Additional Information

The specific pieces of personal information we have collected about California Consumers.	Please see the Privacy Notice above under "What Information We Collect” and the subheading “Lattice Engines”. Company Name, which may be associated with a person Address Telephone Number CEO Name
The categories of sources from which the personal information was collected.	We collect personal information from the following sources: Government sources Third Party Vendors and Data providers Data subjects Publicly available websites and news agencies
The business or commercial purpose for collecting personal information.	Our Purpose for Collecting personal information is to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing.
The business or commercial purpose for selling personal information.	Our Purpose for selling personal information is to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing.
The categories of third parties with whom we share personal information.	Please see the “How Do We Use and Share Personal Information” section of our Privacy Notice.
The business or commercial purpose for sharing such personal information.	The business or commercial purpose for sharing such personal information is to utilize third parties to help us to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing.

California Civil Code Section 1798.83 also known as the “Shine the Light” law permits customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please see the Access and Correction section above for contact information.

Contact

For more information regarding this Privacy Notice, you can contact:

Privacy Officer
Dun & Bradstreet, Inc.
103 JFK Parkway
Short Hills, NJ 07078
privacyofficer@dnb.com

If you are an EU citizen and have questions regarding your personal information or about Dun & Bradstreet's EU Privacy Policy, you can contact:

EU Data Protection Officer at EUDPO@dnb.com

Effective Date:

Effective Date of this Privacy Notice: September 1, 2020

This update to the Privacy Notice incorporates updates to address the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework and the D&B for Outlook plug-in.

This Privacy Notice was previously updated July 1, 2020.