Dun & Bradstreet

Privacy, Data and AI Transparency Statement (U.S.)

The Privacy, Data and AI Transparency Statement of Dun & Bradstreet (U.S.) details the company's commitment to ethical data stewardship, compliance with global privacy standards like ISO 27701, transparent AI use, and protection of individual rights while processing extensive business and organizational data within a framework of human-centered values and accountability.

This Privacy, Data and AI Transparency Statement reflects the privacy, data processing, and data protection standards of the Responsible D&B Entities in the U.S. It applies to data processing in the U.S. and outlines commitments to data ethics, compliance, and privacy.


Our Commitment to Data Ethics, Compliance, and Privacy

Dun & Bradstreet (D&B) is committed to helping businesses and organizations by providing insights about economic opportunities and risks, including data about businesses, decision-makers, and other individuals representing organizations. D&B aggregates, combines, and generates data, including scores, ratings, and analytics, and maintains a Data Cloud with data on over 500 million organizations globally.

As a responsible data steward for nearly 200 years, D&B strives to balance commercial obligations with the interests of organizations and individuals whose data is processed. The company aims for transparency in data processing and the use of Artificial Intelligence (AI) systems, seeking to improve data quality and support meaningful, data-driven insights while respecting individual rights.

Our Values

D&B’s compliance and ethics are grounded in human-centered values and principles, as outlined in the Code of Conduct and Ethics. These guide the design, implementation, and management of data processing systems to respect human rights, privacy, non-discrimination, diversity, equity, inclusion, and legal obligations.

Consistent Global Standards

D&B maintains trust through an accountability-based compliance and ethics program, applying globally. Core policies include:

  • Data Compliance and Ethics
  • Privacy and Personal Data Protection
  • Data Subject Rights
  • AI Ethics
  • Global Cross Border Privacy Management System
  • Incident and Breach Response

These policies support compliance with ISO 27701 (Privacy Information Management Systems).

Our Data Processing

D&B upholds multilateral standards for cross-border privacy and data protection, supporting certifications under frameworks such as:

  • EU-U.S. Privacy Shield (2016)
  • Swiss-U.S. Privacy Shield (2017)
  • EU-U.S. Data Privacy Framework (2023)
  • Swiss-U.S. Data Privacy Framework (2023)
  • UK Extension to EU-U.S. Data Privacy Framework (2023)

D&B processes various types of data, including data about people, businesses, organizations, places, economic activity, sustainability, legal and business events, and third-party risks. Some of this data is personal data, and some systems used are AI systems.

Dun & Bradstreet, Inc., Eyeota Pte. Ltd, and NetWise Data, LLC are registered as data brokers in certain U.S. states.

Your Personal Data

Personal data is information relating to an identified or identifiable individual. Data that cannot be associated with an individual (anonymous or anonymized) is not personal data.

How Personal Data is Processed

Processing depends on your relationship with D&B, your role, and the nature of products and services. D&B is committed to respecting data and digital rights in both personal and professional capacities, as detailed in the Global Data Subject Rights Policy.

Data Subject Groups

Supplemental Personal Data Processing Statements are provided for:

  • Website visitors and online service users
  • Professional contacts in products and services
  • Sole proprietors (coming soon)
  • Employees, beneficiaries, and dependents
  • Job applicants
  • Consumers
  • MyD&B Mobile App users
  • California residents
  • Eyeota Privacy Center users

Data Subject Rights

D&B honors the following rights:

  • Right to Know: To know if D&B processes your personal data, purposes, and other required information.
  • Right of Access: To access your personal data processed by D&B.
  • Right of Correction: To correct, update, amend, or supplement inaccurate personal data.
  • Right of Deletion: To request deletion of data where there is no legitimate business need or where individual rights outweigh business needs.
  • Right to Opt-Out of Commercial Communications: To opt out of marketing and promotional communications.
  • Right to Opt-Out of Data Sale: To opt out of the sale of personal data, where required by law.
  • Right to Withdraw Consent: To withdraw consent for data processing.
  • Right to Restrictions: To request restrictions on processing, including sensitive data.

You may exercise your rights in connection with D&B’s data processing. D&B will not retaliate or discriminate against individuals exercising their rights. Requests are honored as soon as practicable, in accordance with applicable laws.

Additional Rights for Eyeota and Netwise

  • NetWise Consumer Privacy Opt-Out
  • Eyeota Opt-Outs
  • Eyeota Access Request

Cookies and Online Activity Data

D&B uses cookies and online data collection technologies (e.g., pixel tags, eTags, scripts) to help navigate websites, remember selections, deliver features, measure advertising effectiveness, and remarket. Cookies are grouped into:

  • Required
  • Functional
  • Advertising

Preferences can be managed via the Cookie Consent Manager. More information is available in the Cookie Policy.

Our Use of AI Systems

D&B’s responsible AI program is based on 11 AI Ethics Principles, guiding responsible AI by design across the AI lifecycle. Governance is coordinated through an AI Governance Council, involving leaders from compliance, cybersecurity, data governance, data science, intellectual property, product, and sustainability.

D&B is committed to transparent disclosures about AI systems in solutions, processes, and communications. Where AI is used to process personal data, disclosures are made in Supplemental Personal Data Processing Statements, privacy notices, user guides, system cards, model cards, or transparency statements.

D&B participates in industry initiatives on accountable AI and supports the IAPP AI Governance Center.

Personal Data Sharing and Disclosure

D&B shares data, including personal data, as follows:

  • With D&B companies (subsidiaries, parent companies, affiliates)
  • With members of the D&B worldwide network (independent providers with commercial agreements)
  • With customers (businesses and organizations licensing or accessing data)
  • With authorized resellers
  • With service providers (subcontractors, subprocessors) as necessary
  • With business partners in strategic relationships
  • Through third-party cookies and online technologies
  • Where required by law or for safety/fraud prevention (e.g., law enforcement, regulatory agencies, court orders)
  • In connection with mergers, acquisitions, divestitures, and asset sales (with protections)
  • With other third parties with your consent or authorization

Additional information is provided in Supplemental Personal Data Processing Statements for unique disclosures.

Cross-Border Data Transfers

D&B processes data in the U.S. and other markets (Owned Markets). Transfers are managed according to global standards, including the 12 Principles of the Global Cross-Border Privacy Management System Policy, intragroup agreements, and applicable laws.

Data Privacy Framework

D&B U.S. Entities comply with:

  • EU-U.S. Data Privacy Framework (EU-U.S. DPF)
  • UK Extension to EU-U.S. DPF
  • Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

D&B has certified adherence to these frameworks for processing personal data from the EEA, UK, and Switzerland. The U.S. Federal Trade Commission has jurisdiction over D&B’s compliance. Dispute resolution is available through TRUSTe and relevant data protection authorities.

Cross-Border Privacy Rules System

D&B complies with the APEC Cross Border Privacy Rules System (CBPRs) for transfers among participating APEC member economies. Dispute resolution is available through TRUSTe.

Data Security

D&B has a comprehensive cyber and data security program to protect data, systems, and assets from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Policies include:

  • Acceptable Use of Information Assets Policy
  • Information Security Management Systems Policy
  • Information Security Policy Framework
  • Information Security Policy
  • Data Handling Standard
  • Cryptographic Standard

More information is available in the overview of D&B’s Information Security Control Environment.

Data Retention

D&B stores data according to the Records Management and Data Retention Policy, which aligns with legal obligations and business needs. Personal data is stored only as long as necessary for its purpose or as required by law. Retention periods are documented and aligned with processing purposes and record types.

Responsible D&B Entities

This Statement applies to the following U.S. legal entities:

  • Dun & Bradstreet Holdings, Inc.
  • The Dun & Bradstreet Corporation
  • Dun & Bradstreet, Inc.
  • Avention, Inc.
  • Dun & Bradstreet Emerging Businesses Corp.
  • Dun & Bradstreet Government Solutions, Inc.
  • Dun & Bradstreet International, Ltd.
  • Dun & Bradstreet NetProspex, Inc.
  • Eyeota USA Inc.
  • Hoover's, Inc.
  • Lattice Engines, Inc.
  • MadObjective, Inc.
  • NetWise Data, LLC
  • Orb Intelligence, Inc.

How to Contact Us

For questions or concerns about privacy, data protection, compliance, or ethics practices, contact D&B Global Compliance & Ethics or use the Helpline.