Dun & Bradstreet

Privacy, Data and AI Transparency Statement (U.S.)

Dun & Bradstreet commits to ethical, transparent, and compliant data stewardship by aggregating and analyzing data on over 500 million global organizations while adhering to human-centered values, privacy protections, AI ethics, and consistent global standards such as ISO 27701 to support responsible, data-driven business insights and decision-making.

Our Commitment to Data Ethics, Compliance, and Privacy

At Dun & Bradstreet (D&B), we focus on bringing businesses and organizations together by providing insights about economic opportunities and risks, including data about businesses, business decision-makers, and other people who represent organizations of all sizes across industries and sectors. We aggregate, combine, and generate data, including scores, ratings, and analytics. Our Data Cloud contains data and insights on over 500 million organizations globally.

As a responsible data steward for almost 200 years, we strive to balance our commercial obligations with respect for the interests of organizations and individuals about whom we process data. We aim to be transparent about how we process data about people, businesses, and organizations, as well as how we use Artificial Intelligence (AI) systems. Our goal is to improve visibility, engagement, and enrich the overall quality of our data to support meaningful data-driven insights, more opportunities, and better business and professional decision-making while respecting the interests and rights of individuals and their communities.

Our Values

Compliance and ethics at D&B begin with human-centered values and principles, as set forth in our Code of Conduct and Ethics. These guide us in designing, implementing, improving, disposing, and retiring data processing and management systems in a way that respects human rights, privacy and data protection, non-discrimination, diversity, equity, inclusion, and other applicable legal and regulatory obligations.

Consistent Global Standards

We build and maintain trust through an accountability-based compliance and ethics program that applies to our data processing globally. Core policies include:

  • Data Compliance and Ethics
  • Privacy and Personal Data Protection
  • Data Subject Rights
  • AI Ethics
  • Global Cross Border Privacy Management System

Our program is designed and audited for compliance with ISO 27701 (Privacy Information Management Systems) and, where applicable, ISO 27001 (Information Security Management Systems). We uphold multilateral standards and support certifications under frameworks recognized by regulators, such as:

  • EU-U.S. Privacy Shield (2016)
  • Swiss-U.S. Privacy Shield (2017)
  • EU-U.S. Data Privacy Framework (2023)
  • UK Extension to EU-U.S. Data Privacy Framework (2023)
  • Swiss-U.S. Data Privacy Framework (2023)
  • APEC Cross-Border Privacy Rules System (2023)

We process many types of data to support business decisioning, including data about people, businesses, organizations, places, economic activity, sustainability, legal and other significant business events, and third-party risks. Some of this data is personal data, and some systems we use are AI systems.

Dun & Bradstreet, Inc., Eyeota Pte. Ltd, and NetWise Data, LLC are registered as data brokers in certain U.S. states.

Your Personal Data

Personal data is information that relates to an identified or identifiable individual natural person ("data subject"). It includes information that can be used to identify, locate, track, or contact an individual. Data that cannot be associated with an identified or identifiable individual (anonymous or anonymized data) is not personal data.

How we process personal data depends on your relationship with us, your role within your business or other organizations, the nature of our products and services, and our data and analytics methodologies.

We are committed to respecting the data and digital rights of natural persons in both their personal and professional capacities, as detailed in our Global Data Subject Rights Policy and applicable laws.

Your Data Subject Rights

We provide Supplemental Personal Data Processing Statements for different data subject groups, including:

  • Website visitors and online service users
  • Professional contacts in our products and services
  • Sole proprietors in our products and services (coming soon)
  • Employees and beneficiaries
  • Job applicants
  • Consumers (coming soon)
  • Cookie Policy
  • California Resident Disclosures
  • Eyeota Privacy Center

We honor the following data subject rights:

  • Right to Know: The right to know whether D&B processes personal data about you, for what purposes, and other information as required by law.
  • Right of Access: The right to access the specific personal data D&B processes about you and other information as required by law.
  • Right of Correction: The right to correct, update, amend, and/or supplement inaccurate personal data.
  • Right of Deletion: The right to deletion of data where D&B does not have a legitimate business need to process it, or where your rights or risk of harm outweigh D&B’s business need.
  • Right to Opt-Out of Commercial Communications: The right to opt out of marketing and other forms of promotional, advertising, or commercial communications.
  • Right to Opt-Out of Data Sale: Where required by law, the right to opt out of the sale of personal data.
  • Right to Opt-Out of Data Sharing with Third Parties for Online Advertising: The right to restrict how D&B processes personal data, including sensitive data.

You may exercise your data subject rights in connection with our data processing. D&B will not retaliate or discriminate against anyone exercising these rights. Requests will be honored as soon as practicable and in accordance with applicable laws and timelines.

Cookies and Online Activity Data

We use cookies and other online data collection technologies (such as single pixel tags, eTags, and scripts) to help you navigate our website and online services, remember your selections, deliver features and content, measure advertising effectiveness, and remarket to you. We use session and browser cookies, some placed by D&B and some by third parties. Cookies are grouped into Required, Functional, and Advertising categories. You can manage your preferences via our Cookie Consent Manager. For more information, review our Cookie Policy.

Our Use of AI Systems

We are committed to the responsible use and development of AI systems and responsible AI solutions that accelerate innovation, improve efficiency, and contribute to sustainable growth. Our responsible AI program is built on 11 AI Ethics Principles and is supported by shared governance through our AI Governance Council, which includes leaders from compliance, cybersecurity, data governance, data science, intellectual property, and sustainability.

We rely on the Organisation for Economic Co-operation and Development (OECD) definition of "AI system": a machine-based system that, for explicit or implicit objectives, infers from input how to generate outputs (such as predictions, content, recommendations, or decisions) that can influence physical or virtual environments. Different AI systems vary in autonomy and adaptiveness after deployment.

We are committed to transparent, meaningful disclosures about our AI systems. Where we use an AI system to process personal data, we disclose this in our Supplemental Personal Data Processing Statements, contextual privacy notices, user guides, model cards, or transparency statements.

Personal Data Sharing and Disclosure

We share data, including personal data, in the following ways:

  • With other D&B companies, subsidiaries, parent companies, and affiliates within the D&B corporate group, in accordance with our Consistent Global Standards.
  • With members of the D&B worldwide network (independent providers of business information) under commercial and data protection agreements.
  • With our customers (businesses and organizations) who license or access our data via our products and services.
  • With authorized resellers permitted to resell our products and services.
  • With our service providers, subcontractors, and subprocessors as necessary to carry out business activities. Service providers functioning as data processors are only authorized to process necessary personal data as directed by us.
  • With other business partners for co-development, co-marketing, or co-selling certain products, solutions, services, or events, as agreed upon.
  • Through third-party cookies and related online technologies for evaluating use, managing performance, and advertising purposes.
  • Where required by law or for safety or fraud prevention (e.g., law enforcement, regulatory agencies, court orders, or to protect vital interests).
  • In connection with mergers, acquisitions, divestitures, and asset sales, provided the acquiring organization agrees to comparable protections.
  • With other third parties with your consent or authorization, in accordance with applicable laws.

Where we disclose personal data about specific data subjects in unique ways, additional information is provided in our Supplemental Personal Data Processing Statements.

Cross-Border Data Transfers

D&B processes data in the United States and other markets where we have operations (Owned Markets). Transfers are managed in accordance with our Consistent Standards, including the 12 Principles of our Global Cross-Border Privacy Management System Policy, intragroup agreements, applicable laws, adequacy decisions, and multilateral frameworks.

Data Privacy Framework

D&B U.S. Entities comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. D&B has certified adherence to these frameworks for processing personal data received from the EEA, UK, and Switzerland. The U.S. Federal Trade Commission has jurisdiction over D&B’s compliance. In certain situations, D&B U.S. entities may be required to disclose personal data in response to lawful requests by public authorities.

  • For personal data other than employment-related data: Unresolved complaints may be referred to TRUSTe, an alternative dispute resolution provider.
  • For employment-related data: D&B U.S. Entities commit to cooperate with EU, UK, and Swiss data protection authorities regarding unresolved complaints.
  • For complaints not resolved by other mechanisms, binding arbitration may be invoked under certain conditions.

Cross-Border Privacy Rules System

D&B’s privacy practices comply with the APEC Cross Border Privacy Rules System (CBPRs), providing a framework for protection of personal data transferred among participating APEC member economies. Unresolved privacy or data use concerns may be referred to TRUSTe.

Data Security

D&B has implemented a comprehensive cyber and data security program to protect data, systems, and assets from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Our data security functional policies include:

  • Acceptable Use of Information Assets Policy
  • Information Security Management Systems Policy
  • Information Security Policy Framework
  • Information Security Policy
  • Data Handling Standard
  • Cryptographic Standard

More information is available in our overview of the D&B Information Security Control Environment.

Data Retention

D&B stores data in accordance with our Records Management and Data Retention Policy, which supports our Data Compliance and Ethics policies. Personal data is stored only as long as necessary for its purpose or as required by law. Retention periods are defined to align with legal obligations and legitimate business needs, and are documented for our data processing activities and systems. Data in static records is maintained according to the retention periods for those records.

D&B Legal Entities to Which This Statement Applies

United States:

  • Dun & Bradstreet Holdings, Inc.
  • The Dun & Bradstreet Corporation
  • Dun & Bradstreet, Inc.
  • Avention, Inc.
  • Dun & Bradstreet Emerging Businesses Corp.
  • Dun & Bradstreet Government Solutions, Inc.
  • Dun & Bradstreet International, Ltd.
  • Dun & Bradstreet NetProspex, Inc.
  • Eyeota USA Inc.
  • Hoover's, Inc.
  • Lattice Engines, Inc.
  • MadObjective, Inc.
  • NetWise Data, LLC
  • Orb Intelligence, Inc.

How to Contact Us

If you have a question or concern about our privacy, data protection, compliance, or ethics practices, you may contact D&B Global Compliance & Ethics or raise a question or concern using our Helpline.