Other Covered Entities
Swiss-U.S. Privacy Shield Framework: Active
EU-U.S. Privacy Shield Framework: Active
Purpose of Data Collection
D&B's Privacy Shield certification covers three areas: (1) DUN & BRADSTREET TRANSACTIONS: Dun & Bradstreet uses information to process transactions with parties entering into business relations with Dun & Bradstreet and its affiliates. The identifiable information permits Dun & Bradstreet to initiate and complete business transactions, process customer data as part of business transactions, deliver products and services, administer individual accounts, provide customer support, and meet government and regulatory requirements (such as tax collection). (2) BUSINESS INFORMATION REPORTING: Dun & Bradstreet, in the course of business information reporting, processes, stores and reports the information to third parties who agree to comply with Dun & Bradstreet's terms and conditions, which include the obligation to comply with all applicable local, state, federal and international Privacy and Data Protection laws, rules, regulations and ordinances. Dun & Bradstreet and its affiliates collect hundreds of data elements on millions of business establishments around the world. While the data elements that Dun & Bradstreet and its affiliates collect in this capacity are business-related and commercial in nature, certain data elements are specifically identifiable to individual owners, principals and business professionals associated with the subject business entities. Data collected about individual owners, principals and business professionals is limited to information that relates to their business activities and information that is deemed relevant for business decision-making purposes. D&B uses some of this information for business related analysis and automated profiling. Professional contact information is used to support businesses for their marketing and data management purposes and for online and digital sales lead generation purposes. Dun & Bradstreet and its affiliates collect this information for legitimate business purposes such as providing trading partners with a sense of who is responsible for the decisions that drive the subject business; providing the business-related qualifications of the business principals, owners and managers; and serving as a resource to assess the likelihood of a given business's success. Such business-specific and commercial uses represent non-personal activities, as they pertain to a business enterprise for business-to-business commerce decisions. The data is not used to assess individuals in their personal capacities. Market Data Retrieval (MDR), a division of Dun & Bradstreet Inc., is a provider of online and digital marketing information and services for the education market in the U.S. and Canada. (3) PROCESSING OF CONSUMER INFORMATION FOR FOREIGN AFFILIATES OR PERSONAL INFORMATION AS PART OF D&B'S BUSINESS PRODUCT AND SERVICE OFFERINGS: D&B Limited (an EU subsidiary of D&B Inc.) is licensed by the UK Financial Conduct Authority to provide credit referencing on sole traders, small partnerships and associations. D&B Ltd however does not credit reference individuals in relation to their consumer activities but only their business activities. In certain instances, Dun & Bradstreet's U.S. operations support these product and service offerings solely as a Data Processor. In doing so, it will act at the specific direction of the European affiliate. In addition, Dun & Bradstreet’s U.S. operations may process information about individual owners, principals and business professionals that has been collected and/or stored in the EU as part of its business product and service offerings. Dun & Bradstreet and its affiliates collect this information for purposes such as due diligence review of vendors, distributors, customers and other third parties and also for sales and marketing purposes. Such business-specific uses pertain to a business enterprise for business-to-business commerce decisions.
Questions or Complaints?
If you have a question or complaint regarding the covered data, please contact Dun & Bradstreet at:
Chief Privacy Officer
Short Hills, New Jersey 07078
Privacy Shield organizations must respond within 45 days of receiving a complaint.
If you have not received a timely or satisfactory response from Dun & Bradstreet to your question or complaint, please contact the independent recourse mechanism listed below
NON-HR RECOURSE MECHANISM
Appropriate statutory body with jurisdiction to investigate any claims against Dun & Bradstreet regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission