Dun & Bradstreet Privacy Notice
Applicability - Legal Entities and Websites
Website Visitors and Other Direct Interactions
You Have Choices
- Transfers of Personal Information from the EU/EEA, the United Kingdom, and Switzerland to the United States
- General Data Protection Regulation (GDPR)
- Other Data Transfer Mechanisms
- Data Subject Rights for residents of the EU/EEA, the United Kingdom and Switzerland
- Dispute Resolution
- Privacy Shield Independent Dispute Resolution
- Arbitration
Dun & Bradstreet Privacy Notice
Dun & Bradstreet is the world’s leading source of business information and insight. Since 1841, Dun & Bradstreet has collected information about businesses to deliver products and services that assist our customers in making critical commercial decisions. The Dun & Bradstreet Data Cloud contains data and insights on over 420 million organizations around the globe. Some of the information may be classified as personal information under various laws such as information relating to an individual (for example, a sole trader, a company director, a beneficial owner, a trustee, or a professional contact.)
This privacy notice explains how we collect, share and protect personal information.
Updated September 10, 2021
Applicability - Legal Entities and Websites
This Privacy Notice applies to the following Dun & Bradstreet legal entities: Dun & Bradstreet, Inc., Dun & Bradstreet NetProspex, Inc. ("NPX"), Avention, Inc., Hoovers Inc., Dun & Bradstreet Emerging Businesses ("DBEB"), Dun & Bradstreet Government Solutions, Inc., Mad Objective, Inc., and Orb Intelligence, Inc. This Privacy Notice also applies to Lattice Engines, Inc., a subsidiary of Dun & Bradstreet whose mission is to create an AI platform that enables companies to engage their buyers with 1-to-1 omni-channel experiences and make B2B marketing as personalized as B2C marketing. This Privacy Notice applies to Market Data Retrieval Products and Services (MDR Products and Services), a division of Dun & Bradstreet. MDR Products and Services is the leading U.S. provider of marketing information and services for the K-12, higher education, library, early childhood, and related education markets. MDR Products and Services is powered by the most comprehensive, current, and accurate education databases throughout the industry and is the market’s first choice for direct sales and marketing solutions. These entities and lines of business will be referred to collectively as “Dun & Bradstreet” in this Privacy Notice. This Privacy Notice applies to any Dun & Bradstreet owned website where it is posted.
This Privacy Notice does not apply to Dun & Bradstreet companies based in the European Union or the United Kingdom, or when any Dun & Bradstreet company processes data relating to residents of the European Union under the General Data Protection Regulation (“GDPR”). In such cases please see the EU and UK Privacy Notice External Website. See our section regarding data transfers and Privacy Shield for more information on transfers of data under the GDPR. Our EU and UK Privacy Notice also covers transfers of data relating to residents of the European Union and United Kingdom to the United States pursuant to Dun & Bradstreet’s Privacy Shield certification.
This Privacy Notice does not apply to Dun & Bradstreet legal entities based in the People’s Republic of China, and their collection and sale of such information. In such cases, please see the China Privacy Notice.
This Privacy Notice does not apply to Dun & Bradstreet legal entities based in Canada and their collection and sale of personal information. In such cases, please see the English and French versions of our Canada Privacy Notice.
This Privacy Notice does not apply to Dun & Bradstreet legal entities based in India and their collection and sale of personal information. In such cases, please see our India Privacy Notice.
If you are a resident of California, please see the section entitled “California Residents” of this Privacy Notice for an overview of your California rights, including your right to make a “Do Not Sell My Personal Information” request.
Website Visitors and Other Direct Interactions
Dun & Bradstreet
What Personal Information We Collect and Why
How We Use and Share Personal Information
From time to time, Dun & Bradstreet compiles online and offline transaction and registration information for internal analyses, such as market research, quality assurance, customer experience, and operational benchmarking initiatives. Dun & Bradstreet may use IP address information for analytical purposes and in some of our products and services.
When necessary or appropriate, we may disclose information in response to a court order, subpoena, law enforcement proceeding, regulatory inquiry or when otherwise legally required. Also, be advised that Dun & Bradstreet sometimes receives requests (e.g., court order, subpoena, or law enforcement proceeding) for personal information from public authorities to meet national security or law enforcement requirements, or in other legal matters. In responding to those requests Dun & Bradstreet's response will be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements or (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorizations.
MDR Products and Services
What Personal Information We Collect and Why
Any personal information collected by MDR Products and Services through the website is for analysis purposes only and will not be sold in any personally identifiable form
How We Use and Share Personal Information
MDR Products and Services uses personal information to carry out transactions that you request or authorize.
Your Use of Our Website Is Consent
By using our website, you hereby consent to our collection, use, management, retention, and disclosure of your information as described in this policy.
Cookies, Web Beacons, Pixel Tags, and GIFs
What are Cookies, Web Beacons, Pixel Tags and GIFs and how are they used?
A cookie is a small text file (which typically includes a piece of computer code) that is stored on your computer's hard drive. Cookies are sent by our website (or the website of a company we have a relationship with) to your computer, mobile phone or other device when you visit our website. When you visit a website, that website's computer asks your computer for permission to store this text file in a section of your hard drive that is specifically designated for cookies. Each website can send its own cookie to your browser if your browser's preferences allow it.
A Web beacon is a graphic image, such as a pixel tag or clear GIF, which is placed on a Web page or in an e-mail message to monitor user activity, such as whether the Web page or e-mail message is accessed or clicked. They are also used on many Web pages for alignment purposes.
We sometimes use Web beacons to provide an independent accounting of how many people visit our website or to gather statistics about browser usage on our website. Some of our Web pages and HTML-formatted e-mail newsletters use Web beacons in conjunction with cookies. It is difficult for you to limit the use of Web beacons because there is no easy way to distinguish their use from alignment and other purposes. Web beacons may also be loaded from a different Web server than the rest of the page.
Some of our e-mails may also contain pixels or code to gather information regarding e-mail behavior and for analytics. We may share this information with third parties
Cookie Uses
We use cookies to store login and other information on your computer, which serves to improve our website functionality and tailor our services to your preferences and interests. Cookies also allow us to display personalized content and relevant D&B product or solution-based advertising on your later visits to our site. Other uses include preventing, detecting and investigating potentially prohibited or illegal activities, including enforcing our Terms of Use agreement. For certain services, we offer users the ability to store a user ID or password within a cookie so that they do not need to re-enter it when they subsequently return to our website. Cookies, in conjunction with our Web server's log files, allow us to calculate the aggregate number of people visiting our website and to assess which parts of the site are most popular. This information helps us to constantly improve our website and better serve our customers. Some of our cookies may be tied to personally identifiable information, such as IP address. We do not store credit/debit card numbers in cookies. Cookies may be used to store a unique identification number tied to your computer so that a website can recognize you as the same user across different visits to the website. For more information about the type of information that is collected on website visitors, see our Privacy Policy section on “What Information We collect”
Types of Cookies
Some cookies are necessary to make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Cookies may either be persistent or session cookies. Persistent cookies are stored on your device to help remember information, settings, preferences, or sign-on credentials and have an expiration date issued by the webserver. Session cookies, also known as in-memory cookies, transient cookies, or non-persistent cookies, exist only in temporary memory while you are browsing the website and are typically deleted when you close your browser.
Preference cookies are persistent cookies which enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. Persistent cookies are also used to enable testing of new website designs, layout and messaging. The intention is to display content that is relevant and engaging for the individual user.
Dun & Bradstreet also uses session cookies to better understand how you interact with our websites. Cookies that provide analytics services can collect IP address or other identifiers, browser information, and information about the content that you view. These analytic services help us to know how many users we have, which parts of our sites are most popular, what browsers are used, the country or region where users are located, and the demographics and interests of users.
First and Third-Party Cookies
Third Party Advertisers
What are your choices regarding Cookies
Products and Services
Dun & Bradstreet
What Personal Information We Collect and Why
Dun & Bradstreet collects information on businesses and business professionals, including personal information, so we can supply our customers with data about organizations and people. Our purpose is to enable businesses, organizations, and public sector entities to manage their financial risks, protect against fraud and dishonesty, know who they are dealing with, meet their compliance and regulatory obligations, market their products and services, and better understand organizations, industries, markets, and people.
We also collect personal information so that we can license and sell professional business contact information and personal contact information for marketing and data management purposes.
We also collect personal information to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing.
This includes information we collect offline and online from business owners and principals, from businesses' creditors, vendors, third parties and suppliers including our customers (with the customer’s consent), and from public records such as business registrations, Uniform Commercial Code filings and bankruptcy filings. We also collect information based on business and individual online activity, information on educational institutions and professionals. Dun & Bradstreet has a right to provide information on businesses that may be a factor in our customers’ decision making involving credit, insurance, marketing, compliance, and other activities. The information that we collect includes, but is not limited to, the following:
- Company and business professional information, including business contact information such as name, title, address, phone number, fax number, and e-mail address, domain names, FEIN numbers, trade associations, utility bills, incorporation and tax records and information on minority, women, and veteran owned businesses. In addition, we corroborate and build business contact emails by way of various verification methods and data points;
- Detailed company profiles and statistics, including number of employees;
- Background information regarding company management and employees, including beneficial ownership/persons of significant control, the educational and career histories of company principals, company and individual browsing history, and adverse media history including but not limited to any history of criminal acts or misconduct, where collection of such data is permitted and where such data is not deemed sensitive under applicable laws;
- Company operational histories, including territories, subsidiaries, affiliates, and lines of business;
- Detailed trade and business credit information, including payment histories and patterns;
- Summary business information regarding profitability, debts, assets, net worth, and business relationships;
- Business violations, publicly available disclosures and other compliance information from public source government and professional records, media and business publications;
- Website and online data relating to IP addresses, geolocation, comments on social media are collected and used to analyze trends regarding Dun & Bradstreet products and services and to increase accuracy of our business data sets, as well as to assist us in matching IP addresses to business contact information.
As part of our US employee hiring and onboarding process, we collect information relating to potential employees’ education, background and work history. This Privacy Notice does not apply to personal information of current Dun & Bradstreet employees.
We do not typically collect information that is deemed to be sensitive under applicable laws to be included in our products and services.
Personal Information Collected through D&B Email IQ
The D&B Email IQ application helps users have more informed conversations, save time, and better prepare for meetings with seamless access to business intelligence from the Dun & Bradstreet Data Cloud, accessible through the user's email. The application uses innovative technology powered by machine learning and natural language processing to scan the prospects and customers you are interacting with to provide company firmographics, recommendations on additional contacts, and suggestions for similar companies to pursue.
When a user opts into the installation of D&B Email IQ, the application will access limited data from the emails and calendar invites the user sends and receives in their email environment. The data collected will be limited to email addresses found in the “To” and “From” fields of the emails, as well as the business card information contained in an email signature. The signature of an email may include data elements such as name, job title and department, company name, email address, telephone number, fax number, company address, corporate URL, and social networking URL. Data collected via the application may be incorporated into the Dun & Bradstreet Data Cloud and be used to enhance and improve our products by enabling businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets. Where permitted under applicable law, this information may also be used for sales and marketing purposes. Based on the country of origin of the data subject, we have implemented safeguards to address additional legal obligations so that we are in compliance with applicable laws. In certain instances, the data collected will be used purely for internal compliance with applicable laws, unless further notice or consent requirements have been fulfilled.
Anyone whose data was collected via the D&B Email IQ application may opt out of the use of their data by calling Dun & Bradstreet at 1-800-234-3867 or emailing custservprivacy@dnb.com For more information on D&B Email IQ, please visit our D&B Email IQ FAQs page.
How We Use and Share Personal Information
Dun & Bradstreet uses the information that we collect to operate our websites and offer customers a variety of business and personal contact information products and services. This information may be used to help our customers make decisions related to business credit, risk management, supplier due diligence, and investigations, and marketing decisions. We also use the information we collect to carry out transactions that our customers request or authorize. Dun & Bradstreet licenses professional business contact information to authorized resellers and third party businesses for marketing and data management purposes.
We may use your professional business contact information to match it with other public and private sources in order to create segments of information, such as demographic, behavioral and technical information, extracted from the underlying data, for use by Dun & Bradstreet and/or third parties to target advertising messages to you on third party sites and services. You have advertising opt-out options. You may exercise these options by following the instructions in the sections entitled "What are your choices regarding Cookies", and "You Have Choices"
Dun & Bradstreet collects and shares personal information to help our customers with their due diligence investigations on businesses and individuals. However, Dun & Bradstreet does not permit our customers to use our information as a factor in establishing an individual’s eligibility for credit or insurance to be used primarily for personal, family, household or employment purposes.
Dun & Bradstreet shares information with third party service providers, such as credit card processors, auditors, attorneys, consultants, live help/chat providers and contractors, in order to support Dun & Bradstreet's websites and business operations. Dun & Bradstreet contractually requires that these recipients only use the information for the intended purpose of the disclosure and that they destroy or return the information when it is no longer needed. We may also disclose the information as required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving Dun & Bradstreet assets or businesses.
From time to time, Dun & Bradstreet compiles online and offline transaction and registration information for internal analyses, such as market research, quality assurance, customer experience, and operational benchmarking initiatives. Dun & Bradstreet may use IP address information collected from customers for analytical purposes and in some of our products and services.
When necessary or appropriate, we may disclose information in response to a court order, subpoena, law enforcement proceeding, regulatory inquiry or when otherwise legally required. Also, be advised that Dun & Bradstreet sometimes receives requests (e.g., court order, subpoena, or law enforcement proceeding) for personal information from public authorities to meet national security or law enforcement requirements, or in other legal matters. In responding to those requests Dun & Bradstreet's response will be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements or (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorizations.
D&B Hoovers maintains a separate professional contacts directory in which your company and individual business contact information may be listed. Hoover's licenses business and professional contact information to authorized resellers and third party businesses for marketing purposes. Aggregated website visitor data may be used to determine usage patterns or interests of visitors to the website and users of our products, or for purposes related to technical support or security of the website, products and computer systems. Usage information, such as number of reports, types of reports and functions accessed by a particular UserID, may be tracked within the products. We do this to monitor authorized usage of the products, respond to questions from the user, for market research, and to improve the design and functionality of the products. We may also aggregate corporate or industry information accessed by all of our customers. We do this in order to appreciate the types of companies and industries for which our customers require information, which in turn improves the quality of the products. We do not correlate the accessed corporate or industry information to a specific user or to a particular organization.
We may share your business contact information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your business relevant information only as necessary to provide these services to us. For example, some services include the following or similar services:
- Fulfilling orders and delivering packages
- Payment processing
- Providing customer service
- Sending marketing communications
- Web applications, firewalls and other security measures
Cloudflare may have access to application traffic of Lattice Engines public websites and service offerings. This permits Cloudflare to provide Lattice Engines with the services of a web application firewall, providing protection against malicious use and distributed denial of service attacks.
We use Sure Shot and typically, Sure Shot does not have access to the authorized contents of our customer’s business contacts in their licensed use of either the Marketo or Eloqua marketing platforms, although there may be exceptions from time to time.
MDR Products and Services
What Personal Information We Collect and Why
MDR Products and Services collects information on educational institutions and professionals. We also collect individual and business identifiable information from website visitors when you register to be a member of MDR Products and Services, purchase products and services through our website, subscribe for email newsletters and alerts, enter a contest, fill out a survey, or fill out a form to request and/or register for research materials, programs, events, white papers, and other information. We also collect information offline from educational institutions, business partners, and vendors. The information that we collect includes the following:
- Company and business professional contact information, including name, title, address, phone number, fax number, and email address
- Educational institutional and professional contact information, including name, title, address, phone number, fax number, and email address
- Educational institutional profiles and statistics, including educational subject matter specialties and number of employees
- Background information regarding educational institutional management, such as the educational and career histories of school deans and principals
- Educational professional data as it relates to their professional lives, such as name, institution, title, job function, business contact information, and trade associations Credit/debit card information in order to process certain customer payments
- As part of our employee hiring and onboarding process, we collect information relating to potential employees’ education, background and work history. This Privacy Notice does not apply to personal information of current Dun & Bradstreet employees
How We Use and Share Personal Information
MDR Products and Services uses the individual and business identifiable information that we collect to operate our website, to communicate with website visitors and customers, to offer a variety of educational information products and services for use in making prudent business decisions, and to carry out transactions that you request or authorize. From time to time, MDR Products and Services compiles online and offline transaction and registration information for internal analyses, such as market research, quality assurance, customer experience, and operational benchmarking initiatives.
Collection of Sensitive Personally Identifiable Information
Dun & Bradstreet may collect sensitive personally identifiable information such as individuals' Social Security Numbers and dates of birth, in order to provide certain product and service offerings. We will only collect this kind of information if it is necessary and only when voluntarily provided by the customer. We will only use it for the limited, permissible purpose for which it is collected and we will take commercially reasonable steps to adequately secure the information. We may also share this sensitive information with trusted third parties for the limited, specific permissible purpose for which it was shared. Additionally, sometimes we receive sensitive personally identifiable information without our asking. When we become aware of this, we will delete the sensitive personally identifiable information.
You Have Choices
Dun & Bradstreet
Dun & Bradstreet respects your privacy preferences and offers the following ways through which you may control how we contact you and disclose your information.
To no longer receive marketing communications of any kind, please contact Dun & Bradstreet Customer Service at 1-800-234-3867 or visit Dun & Bradstreet Communication Preferences.
To unsubscribe from specific types of marketing communications, please see the relevant section below.
Please note, we may continue to call you for transactional or service-related purposes despite your desire to not receive marketing communications.
E-mail Marketing
To no longer receive Dun & Bradstreet promotional e-mails, newsletters, and updates about new Dun & Bradstreet features, products and service, please contact Dun & Bradstreet Customer Service at 1-800-234-3867 or visit Dun & Bradstreet Communication Preferences. You may change your preferences at any time.
If you have any questions about which addresses, telephone numbers or email addresses you provided to Dun & Bradstreet for marketing purposes, please review your account information in your product dashboard or call Dun & Bradstreet at 1-800-234-3867
Please note, we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Also please note that if you elect to opt-out of receiving promotional e-mails from one of our websites, you may continue to receive promotional emails from our other websites
Telemarketing, Texting or Calling
To no longer receive telemarketing calls, please contact Dun & Bradstreet Customer Service at 1-800-234-3867 or visit Dun & Bradstreet Communication Preferences. You may change your preferences at any time.
If you have any questions about which addresses, telephone numbers or email addresses you provided to Dun & Bradstreet for marketing purposes, please review your account information in your product dashboard or call Dun & Bradstreet at 1-800-234-3867.
Please note, we may continue to call you for transactional or service-related purposes despite your desire to not receive telemarketing calls.
Direct Mail Marketing
To be placed on our company's internal Do Not Mail list should you no longer wish to receive marketing or promotional mailers, please contact Dun & Bradstreet Customer Service at 1-800-234-3867 or visit Dun & Bradstreet Communication Preferences. You may change your preferences at any time.
If you have any questions about which addresses, telephone numbers or email addresses you provided to Dun & Bradstreet for marketing purposes, please review your account information in your product dashboard or call Dun & Bradstreet at 1-800-234-3867.
Please note, we may continue to send you transactional or service-related correspondence despite your desire to not receive marketing mailers.
Third Party Marketing
Individuals whose contact information is in our professional contacts Data Cloud may request to be excluded from the professional contacts Data Cloud, by calling Dun & Bradstreet at 800-234-3867 or emailing custservprivacy@dnb.com
While we may remove your individual business contact information from our professional contacts Data Cloud, please be aware that we will continue to provide your company's or educational institution’s contact information in our Business Information and Educational Institutional Reports and other products and services. Note that if your professional contact information is in a different third party's marketing directory, you will need to request removal with such third party directly.
MDR Products and Services
MDR Products and Services respects your privacy preferences and offers the following ways through which you may control how we contact you and disclose your information. We will honor your requests accordingly.
Email Marketing
We provide individuals with the opportunity to opt out of receiving MDR Products and Services promotional emails, newsletters, and updates about new MDR Products and Services features, products, and services. You may opt out of receiving such promotional communications by sending an email to mdrinfo@dnb.com, or by calling MDR Products and Services Customer Service at 800-333-8802. You may change your preferences at any time. We may continue to send you transactional or service-related emails, such as communications regarding your account or subscription service, despite your desire to not receive promotional or marketing email messages.
Telemarketing
We provide businesses and organizations with the opportunity to place themselves on our company’s internal Do Not Call list should they no longer wish to receive telemarketing calls from us. You may be placed on this list by sending an email to mdrinfo@dnb.com, or by calling MDR Products and Services Customer Service at 800-333-8802. We may continue to call you for transactional or service-related purposes despite your desire to not receive telemarketing calls.
Direct Mail Marketing
We provide businesses and organizations with the opportunity to place themselves on our company’s internal Do Not Mail list should they no longer wish to receive marketing or promotional mailers. You may be placed on this list by sending an email to mdrinfo@dnb.com, or by calling MDR Products and Services Customer Service at 800-333-8802. We may continue to send you transactional or service-related correspondence despite your desire to not receive marketing mailers.
Third-Party Marketing
Individuals and educational professionals whose business contact information we have in our educational professional contacts Data Cloud may request to be excluded from business lists that MDR Products and Services licenses or sells for marketing purposes. An individual who wishes to be removed from our marketing list sales may request to be removed either in writing or by calling MDR Products and Services Customer Service, resulting in that individual’s business contact record removal from our marketing directories, publications, and mailing lists. For additional information or to request removal, please contact MDR Products and Services Customer Service at 800-333-8802 or send an email to mdrinfo@dnb.com. While we may remove your individual business contact information from our educational professional contacts directories and marketing lists, please be aware that we will continue to provide your educational institution’s contact information in our institutional reports and other products and services.
Access, Correction, and Deletion
To help ensure data quality and accuracy, Dun & Bradstreet provides businesses organizations and business professionals with access to their business information within the D&B databases and with an opportunity to review such information, correct verified inaccuracies, or delete any personal information within such business information if required by law. Authorized business representatives may request a complimentary copy of their company's business report.
To obtain a copy of your company’s business report or your information or, to correct or update your information:
Dun & Bradstreet
For all D&B Products and Services:
Dun & Bradstreet Customer Service at 1-800-234-3867 or send an email to custservprivacy@dnb.com
For Hoovers:
Hoovers/Avention: Customer Support at 1-800-486-8666 or by sending an e-mail to customersupport@hoovers.com
When a business owner or principal contacts Dun & Bradstreet about a potential data error, we promptly investigate the issue, confirm the information in question, correct verified inaccuracies or delete any personal information within such business information if required by law, and respond to the original inquiry. In such a case, we may apply a "stop distribution" order regarding the relevant business report, as well as ancillary products that may be affected by the verified inaccuracy, until the matter is properly resolved. When the investigation is complete, we will also send a correction or deletion notice to businesses or others whom we know to have received the inaccurate data, as appropriate. However, some third parties and third party sites may continue to display inaccurate Data until their databases and display of data are refreshed in accordance with their update schedules.
MDR Products and Services
To help ensure data quality and accuracy, MDR Products and Services provides businesses, organizations, and professionals with access to their business information within MDR Products and Services’ databases and with an opportunity to correct verified inaccuracies. Registered users and professionals may view and update their registration and contact information, as well as correct inaccuracies, by calling MDR Products and Services Customer Service at 800-333-8802 or by sending an email to mdrinfo@dnb.com. Registered users and professionals may also request access to all of their personally identifiable information that we collect and maintain in our Data Cloud by visiting the MDR Products and Services Customer Service center for additional information. When a business professional, educational professional, or registered user contacts MDR Products and Services about a potential data error, we will promptly investigate the issue, confirm the information in question, correct verified inaccuracies, and respond to the original inquiry.
If you have a question regarding MDR products, services, or information management practices; if you would like to contact us; or if you would like to provide us with your valued feedback, please visit the MDR Products and Services Customer Contact Center for additional information. Data may also be deleted by sending an email to mdrinfo@dnb.com, or by calling MDR Products and Services Customer Service at 800-333-8802.
Data Security
Dun & Bradstreet maintains commercially reasonable security measures to protect personal information against unauthorized access and disclosure that are consistent with our business operations and generally accepted industry standards. These measures include the implementation of technical, physical and administrative security safeguards. Dun & Bradstreet requires employees to complete privacy and security training. Dun & Bradstreet also implements a third party service provider due diligence program to ensure that our vendors likewise employ adequate data collection, processing, transfer, management and security measures in carrying out their services on our behalf.
We do not necessarily control how you send us your personal information. Therefore, we cannot always ensure or warrant the security of any information that you transmit to us. You agree that you provide this information and engage in such transmissions at your own risk. Once we receive information from you, we will endeavor to maintain its security on our systems. Dun & Bradstreet has established policies and procedures for securely managing information and protecting personal information against unauthorized access and we continually assess our data privacy, information management and data security practices. We do this in the following ways:
- Establishing policies and procedures for securely managing information and as may be further addressed in our contractual relationship with a customer;
- Limiting employee access to sensitive information;
- Protecting against unauthorized access to customer data by using data encryption, authentication and virus detection technology, as required;
- Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
- Monitoring our websites through recognized online privacy and security organizations;
- Conducting background checks on employees and providing Data Privacy training to our team members;
- Continually assessing our data privacy, information management and data security practices
Data Retention
Dun & Bradstreet will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact Dun & Bradstreet Customer Service at 1-800-234-3867 or custservprivacy@dnb.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Children
Dun & Bradstreet websites, products and services are for business purposes only. They are not targeted, intended or expected to be of use to children. User provided contributions of content or contact information regarding or about children are expressly prohibited. We do not knowingly collect information on minors under 16 years of age. If we become aware that information we collected may be associated with a minor under 16 years of age, we will delete that information.
Changes to Data Privacy Practices
If we make material changes to our data privacy practices, this policy will be updated and posted on our website in order to keep you informed of how we collect, use, manage, disclose, and protect information. The policy effective date will be updated accordingly.
Sale of Assets
In the event that Dun & Bradstreet is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred.
Residents of the EU/EEA, the United Kingdom and Switzerland
Transfers of Personal Information from the EU/EEA, the United Kingdom, and Switzerland to the United States
Please note that, despite the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework as a mechanism for transfers of personal data between the EU and the U.S. Dun & Bradstreet is currently maintaining our self-certification under the EU-US Privacy Shield Framework and remains committed to protect personal information in accordance with the Privacy Shield Principles which offer meaningful privacy protections for EU individuals. While we will continue our participation in the Privacy Shield Framework, we will at this time only rely on Standard Contractual Clauses to cover the transfer of personal information from the EU, the UK, and Switzerland to other jurisdictions.
For more information on the U.S. Department of Commerce’s continued administration of the Privacy Shield program, please visit the Privacy Shield website.
Dun & Bradstreet and its legal entities participate in and have certified compliance with the EU-U.S. Privacy Shield Framework and the Swiss U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and/or Switzerland (as applicable) to the United States, respectively, in reliance on Privacy Shield. Dun & Bradstreet is committed to subjecting personal information received from European Union (EU) member countries, the United Kingdom, and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce Privacy Shield website.
Dun & Bradstreet is responsible for the processing of personal information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Dun & Bradstreet complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.
In certain situations, Dun & Bradstreet may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
To learn more about the Privacy Shield program, and to view our certification, please visit the Privacy Shield website.
Dun & Bradstreet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
General Data Protection Regulation (GDPR)
We recognize that some of the information we collect may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact, etc.) residing in the European Union. For additional information in relation to the processing of personal data under EU law, and specifically the General Data Protection Regulation 2016/679, please visit our EU and UK Privacy Notice.
Other Data Transfer Mechanisms
Dun & Bradstreet also complies with other various jurisdictional cross border transfer requirements by using data transfer agreements or other approved mechanisms for global transfers of personal information.
Data Subject Rights for residents of the EU/EEA, the United Kingdom and Switzerland
You have the right to request from us confirmation of whether we are processing your personal data, and if so access to that information. Please see the links on the left for further information about how to request access to your information. This may take up to 28 days, however you may be able to obtain specific information about your personal data immediately by contacting Customer Services.
If any of your personal data is inaccurate you have a right to request rectification. We are very keen to ensure the data we hold is accurate and up to date. Please contact Customer Services.
You have the right to object to our processing and/or request it is deleted or restricted. In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected. Please contact Customer Services for more information.
Before we are able to provide you with any information or correct any inaccuracies we may ask you to verify your identity and to provide other details to help us identify you and respond to your request.
Objecting to receiving direct marketing:
We will always observe your objection to receiving either our Dun & Bradstreet marketing or to us passing on your contact details to third parties for their direct marketing purposes: You can either contact Customer Services including the name, business name, address, telephone number and email address that you wish to have excluded, or you can do this yourself by following these links:
Click here to opt out of receiving information about Dun & Bradstreet products and services
Click here to opt out of receiving information from our customers
You are also able to contact D&B’s data protection officer at any time on EUDPO@dnb.com.
Dispute Resolution
This dispute resolution program covers both offline Data collection (e.g. personal information collected through our call centers or via postal mail) and online Data collection (e.g. personal information collected via the Internet). If you are a citizen of the EU and you have any complaints regarding our compliance with relevant aspects of the Data transfer laws and regulations surrounding Data transfers from the EU you should contact us at: EUDPO@dnb.com.
If you are not a citizen of the EU and you have a question or concern regarding Dun & Bradstreet's data privacy practices, please contact the Chief Privacy Officer at privacyofficer@dnb.com or call the Customer Service center at 1-800-234-3867 or send an email to custservprivacy@dnb.com. We will do our best to resolve any complaints or issues as quickly as possible.
If we cannot resolve your complaints, you may have rights to independent dispute resolution or arbitration under certain circumstances as described below in the sections titled “Independent Dispute Resolution” and “Arbitration.”
Privacy Shield Independent Dispute Resolution
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Arbitration
In accordance with the Privacy Shield, individuals may invoke binding arbitration as a final recourse for claims that a Privacy Shield organization has violated its obligations under the Principles and the claim is not fully resolved by other Privacy Shield recourse mechanisms. The arbitration will be implemented in accordance with the rules established under the Privacy Shield.
California Residents
California Civil Code Section 1798.83 also known as the “Shine the Light” law permits customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please see the Access and Correction section above for contact information.
Making CCPA Data Subject Rights Request
Starting January 1, 2020, under the California Consumer Privacy Act (the CCPA) residents of the state of California have the following rights:
Right to Know and Right to Access
You have the “Right to Know” or the “Right to Access Information About Collection, Disclosure and Sale of your Personal Information” over the past 12 months. Refer to the additional details below. Fill out the form to complete your Right to Information about Collection, Disclosure and Sale of your Personal Information request. The information you provide will only be used to fulfill your CCPA request.
The “Right to Know” or the “Right to Information About Collection, Disclosure and Sale of your Personal Information” gives you the right to request the following information:
- Categories of personal information D&B has collected about you;
- Categories of sources from which the personal information was collected;
- Categories of your personal information that D&B sold or disclosed for a business purpose;
- Categories of third parties to whom the personal information was sold or disclosed for a business purpose;
- The business or commercial purpose for collecting or selling personal information; and
- The specific pieces of personal information that D&B has about you
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Visit the Communication Preferences to opt out of marketing
- Fill out the form to complete your Right to Opt Out of the Sale of Your Personal Information request. The information you provide will only be used to fulfill your CCPA request.
- If you have opted out of the sale of your personal information but would like to Opt Back in, please fill out the CCPA Opt-In form. The information you provide will only be used to fulfill your CCPA request.
Right Not to be Discriminated Against
You also have a Right Not to be Discriminated Against for exercising your CCPA rights. You do not need to request this right, this a is a right we will always give you in regard to any CCPA rights request.
Making CCPA Requests Over the Phone
If you would like to exercise your CCPA rights over the phone, please call us at 1-855-549-8900 and clearly state that you are a resident of the state of California and wish to exercise your CCPA rights. We will ask for additional information to verify your identity.
An authorized agent may make a CCPA request on your behalf. The authorized agent will need to provide the information necessary to confirm your identity, as well as written and signed permission to act on your behalf. An “authorized agent” must also be a natural person or business registered with the Secretary of State in California.
We reserve the right to use a third party to verify your identity and this third party may require additional information for verification purposes. The data you provide will only be used to fulfill your CCPA request.
Please see below for the categories of personal information about California consumers that we have collected, sold and disclosed for a business purpose over the past 12 months.
Data Collected Within the Past 12 Months
Category |
Examples |
Collected, sold and disclosed |
---|---|---|
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
We may have collected some of these data elements on California Residents, such as:
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
We may have collected some of these data elements on California Residents, such as:
|
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
We may have collected some of these data elements on California Residents. |
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
We may have collected some of these data elements on California Residents, such as:
|
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
We do not collect this type of information. |
F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
We may have collected some of these data elements on California Residents, such as:
|
G. Geolocation data. |
Physical location or movements. |
We may have collected some of these data elements on California Residents, such as:
|
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
We may have collected some of these data elements on California Residents. |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
We may have collected some of these data elements on California Residents. |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
We may have collected some of these data elements on California Residents in the course of searching for potential new employees. We do not sell this type of data. |
K. Inferences drawn from other personal information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
We may have collected some of these data elements on California Residents. |
Please see below for additional information on how Dun & Bradstreet collects, sells and discloses personal information on California Residents.
The specific pieces of personal information we have collected about California Consumers. |
Please see the "What Personal Information We Collect” sections above. |
The categories of sources from which the personal information was collected. | We collect personal information from the following sources:
|
The business or commercial purpose for collecting personal information | Dun & Bradstreet collects personal information so that we can supply commercial data about organizations to other organizations. Our purpose is to enable businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets. We also collect personal information so that we can license and sell professional business contact information for marketing and data management purposes. Personal information is also collected to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing. |
The categories of third parties to whom we sell personal information | We sell personal information to the following third parties:
|
The business or commercial purpose for selling personal information | Please see the Privacy Notice above under the section "Our Purpose for Collecting Information”. |
The categories of third parties with whom we share personal information | See the “How Do We Use and Share Personal Information” section of our Privacy Notice. For a list of third parties with whom we use to process personal information, see Schedule 1 “Sub-Processors” at www.dnb.co.uk/dpa |
The business or commercial purpose for sharing such personal information | The business or commercial purpose for sharing such personal information is to utilize third parties to help us in our purpose of enabling businesses to manage their financial risks, protect against fraud and dishonesty, know who they are doing business with, meet their compliance and regulatory obligations and better understand organizations, industries and markets. We also share personal information with third parties so that we can license and sell professional business contact information for marketing and data management purposes. Personal information is also shared to utilize third parties to help us to continually improve our AI platform and enable companies to engage their buyers with 1-to-1 omni-channel experience and make B2B marketing as personalized as B2C marketing. |
MDR Products and Services
Category |
Examples |
Collected, sold and disclosed |
---|---|---|
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
We may have collected some of these data elements on California Residents:
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
We may have collected some of these data elements on California Residents:
|
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
|
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
|
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
We do not collect this type of information. |
F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
We do not collect this type of information. For example, receive “intent” data that is built on browse history by webpage topic. |
G. Geolocation data. |
Physical location or movements. |
We do not collect this type of information |
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
We do not collect this type of information. |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
Current and past professional location and job role. |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
We may have collected some of these data elements on California Residents in the course of searching for potential new employees. We do not sell this type of data. |
K. Inferences drawn from other personal information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
|
Please see below for additional information on how we collect, sell and disclose personal information on California Residents:
What Information Do We Collect?
The specific pieces of personal information we have collected about California Consumers. |
Please see the Privacy Notice above under the section What Information We Collect? |
The categories of sources from which the personal information was collected. |
We collect personal information from the following sources:
|
The business or commercial purpose for collecting personal information. |
Market Data Retrieval (MDR Products and Services), a Dun & Bradstreet (D&B) division, is the leading U.S. provider of marketing information and services for the K-12, higher education, library, early childhood, and related education markets. MDR Products and Services is powered by the most comprehensive, current, and accurate education databases throughout the industry and is the market’s first choice for direct sales and marketing solutions. MDR Products and Services provides comprehensive and relevant business contact information (such as mailing lists), e-marketing programs, sales contacts, actionable leads, custom market research, and market trend analysis. MDR Products and Services products and services enable our customers to meet their business strategy, operational, and growth objectives. |
The business or commercial purpose for selling personal information. |
Market Data Retrieval (MDR Products and Services), a Dun & Bradstreet (D&B) division, is the leading U.S. provider of marketing information and services for the K-12, higher education, library, early childhood, and related education markets. MDR Products and Services is powered by the most comprehensive, current, and accurate education databases throughout the industry and is the market’s first choice for direct sales and marketing solutions. MDR Products and Services provides comprehensive and relevant business contact information (such as mailing lists), e-marketing programs, sales contacts, actionable leads, custom market research, and market trend analysis. MDR products and services enable our customers to meet their business strategy, operational, and growth objectives. |
The categories of third parties with whom we share personal information. |
Please see the “How Do We Use and Share Information” section of our Privacy Notice. |
The business or commercial purpose for sharing such personal information: |
Market Data Retrieval (MDR Products and Services), a Dun & Bradstreet (D&B) division, is the leading U.S. provider of marketing information and services for the K-12, higher education, library, early childhood, and related education markets. MDR Products and Services is powered by the most comprehensive, current, and accurate education databases throughout the industry and is the market’s first choice for direct sales and marketing solutions. MDR Products and Services provides comprehensive and relevant business contact information (such as mailing lists), e-marketing programs, sales contacts, actionable leads, custom market research, and market trend analysis. MDR products and services enable our customers to meet their business strategy, operational, and growth objectives. |
CCPA Request Metrics from January 1, 2020 through December 31, 2020
Right to Know Requests:
- Received: 48
- Complied with (in whole or in part): 48
- Denied: 0
- Mean: 29
- Median: 30
- Received: 90
- Complied with (in whole or in part): 90
- Denied: 0
- Mean: 28
- Median: 28
- Received: 122
- Complied with (in whole or in part): 122
- Denied: 0
- Mean: 28
- Median: 27
Contact
For more information regarding this Privacy Notice, you can contact:
Privacy Officer
Dun & Bradstreet, Inc.
101 JFK Parkway 5th Floor
Short Hills, NJ 07078
privacyofficer@dnb.com
If you are an EU citizen and have questions regarding your personal information or about Dun & Bradstreet's EU Privacy Policy, you can contact:
EU Data Protection Officer at EUDPO@dnb.com
Effective Date:
Effective Date of this Privacy Notice: September 10, 2021
This update to the Privacy Notice outlines updates to the type of information collected and expanded use cases for personal information. The previous update made public CCPA request metrics.
This Privacy Notice was previously updated July 1, 2021.