Privacy, Data and AI Transparency Statement (U.S.)
Dun & Bradstreet (D&B) commits to ethical data stewardship and transparency in processing data and AI use, guided by human-centered values and principles—including respect for privacy, non-discrimination, and legal compliance—while leveraging insights from its global Data Cloud of over 600 million organizations to support informed, responsible business decisions.
Our Commitment to Data Ethics, Compliance and Privacy
At Dun & Bradstreet (D&B), we are dedicated to helping businesses and organizations by providing insights about economic opportunities and risks. We aggregate, combine, and generate data, including scores, ratings, and analytics, with our Data Cloud containing data and insights on over 600 million organizations globally.
As a responsible data steward for nearly 200 years, we strive to balance commercial obligations with respect for the interests of organizations and individuals whose data we process. We are committed to transparency in our data processing and the use of Artificial Intelligence (AI) systems, aiming to improve data quality and support meaningful, data-driven insights while respecting individual rights.
If you have questions or concerns about this Statement, you may contact D&B Global Compliance & Ethics or use our Helpline. You also have the right to lodge a complaint with your local data protection supervisory authority.
Our Values & Ethical Principles
Compliance and ethics at D&B are grounded in human-centered values and principles, as outlined in our Code of Conduct and Ethics. These guide the design, implementation, and management of our data processing systems, ensuring respect for human rights, privacy, non-discrimination, diversity, equity, inclusion, and legal obligations.
3 Core Values
- Data Inspired: We are passionate about the power of data and use data insights to drive informed compliance and ethics decisions.
- Relentlessly Curious: We embrace change, solve new problems, and use curiosity to guide ethical decision-making.
- Helping Others Succeed: We share our time and talent, welcome help from others, and strive for continuous improvement.
5 Ethical Principles
- Respectful: We respect each other and the interests of individuals and organizations we engage with and process data about.
- Courageous: We encourage new ideas, innovation, and speaking up with questions or concerns, with zero tolerance for retaliation.
- Transparent: We are open about our conduct, practices, and support the global economy through transparent data practices.
Consistent Global Standards
We maintain trust through an accountability-based compliance and ethics program that applies globally. Core policies include:
- Data Compliance and Ethics
- Privacy and Personal Data Protection
- Data Subject Rights
- Records Management and Data Retention
- AI Ethics
- Global Cross Border Privacy Management System
- Incident and Breach Response
Our program is designed and audited for compliance with ISO 27701 (Privacy Information Management Systems) and, where applicable, ISO 27001 (Information Security Management Systems). We uphold multilateral standards and certifications, including:
- EU-U.S. Privacy Shield (2016)
- Swiss-U.S. Privacy Shield (2017)
- EU-U.S. Data Privacy Framework (2023)
- Swiss-U.S. Data Privacy Framework (2023)
- UK Extension to EU-U.S. Data Privacy Framework (2023)
- APEC Cross-Border Privacy Rules System (2023)
- TRUSTe Responsible AI Certification (2024)
- Global Cross Border Privacy Rules (CBPR) (2025)
Our Data Processing
We process various types of data to support business decisioning, including data about people, businesses, organizations, places, economic activity, sustainability, legal events, and third-party risks. Some of this data is personal data, and some systems used are AI systems.
Dun & Bradstreet, Inc. is registered as a data broker in California, Oregon, Vermont, and Texas. Eyeota Pte. Ltd and NetWise Data, LLC are also registered as data brokers in certain states.
Your Personal Data
Personal data is information relating to an identified or identifiable individual. This includes data that can be used to identify, locate, track, or contact an individual.
We provide Responsible Data Processing Sheets (RDPS) for our products and solutions, detailing how personal data is processed.
Your Data Subject Rights
We are committed to respecting the data and digital rights of individuals, as detailed in our Global Data Subject Rights Policy. Rights include:
- Right to Know: To know whether D&B processes personal data about you and for what purposes.
- Right of Access: To access the specific personal data D&B processes about you.
- Right of Correction: To correct, update, amend, or supplement inaccurate personal data.
- Right of Deletion: To request deletion of your data where D&B does not have a legitimate business need or where your rights outweigh D&B’s need.
- Right to Object: To object to certain types of processing.
- Right to Opt-Out of Commercial Communications: To opt out of marketing and promotional communications.
- Right to Opt-Out of Data Sale: To opt out of the sale of personal data where required by law.
- Right to Opt-Out of Data Sharing with Third Parties for Online Advertising: To opt out of data sharing for targeted advertising.
- Right to Withdraw Consent: To withdraw consent for data processing.
- Right to Restrictions: To request restrictions on how D&B processes your personal data.
You may exercise your rights through the provided mechanisms. D&B will not retaliate or discriminate against individuals exercising their rights.
Additional rights and opt-out mechanisms are available for Eyeota and NetWise businesses.
Personal Data Sharing and Disclosure
We share data, including personal data, in the following ways:
- With other D&B companies and affiliates within our corporate group.
- With members of the D&B worldwide network (independent providers of business information).
- With customers (businesses and organizations licensing or accessing our data).
- With service providers, subcontractors, and subprocessors as necessary for business activities.
- Through third-party cookies and online technologies for service performance and advertising.
- Where required by law or for safety/fraud prevention (e.g., law enforcement, regulatory agencies, court orders).
- In connection with mergers, acquisitions, divestitures, and asset sales.
- With other third parties with your consent or authorization.
We expect third parties working on our behalf to adhere to our ethical standards and contractual obligations.
AI Systems & Use at Dun & Bradstreet
We use the OECD definition of "AI system": a machine-based system that infers how to generate outputs (predictions, content, recommendations, or decisions) that can influence environments. AI systems vary in autonomy and adaptiveness.
We are committed to transparent disclosures about our AI systems, including through system cards, model cards, and privacy notices. Our responsible AI program is built on 11 AI Ethics Principles, supported by shared governance through our AI Governance Council.
AI Standards Principles
- Human-Centered Values & Principles
- Transparency & Explainability
- Fairness & Non-Discrimination
- Safety
- Quality, Robustness, & Accuracy
- Risk Management
- Privacy & Confidentiality
- Engagement & Confidentiality
- Data Security & Resiliency
- Intellectual Property
- Responsibility & Accountability
Data Compliance & Cookies
We use cookies and online data collection technologies to help navigate our website, remember selections, deliver features, measure advertising effectiveness, and remarket. Cookies are grouped into Required, Functional, and Advertising categories. Preferences can be managed via our Cookie Consent Manager. More information is available in our Cookie Policy.
Data Retention
Data is stored in accordance with our Records Management and Data Retention Policy, which aligns with legal obligations and business needs. Personal data is stored only as long as necessary for its purpose or as required by law. Retention periods are documented and supported by our policy.
Data Security
We have a comprehensive cyber and data security program to protect data, systems, and assets from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Our policies include:
- Acceptable Use of Information Assets Policy
- Information Security Management Systems Policy
- Information Security Policy Framework
- Information Security Policy
- Data Handling Standard
- Cryptographic Standard
More information is available in our overview of the D&B Information Security Control Environment.
Cross-Border Data Transfers
D&B processes data in the United States and other markets (Owned Markets). Transfers are managed according to our Consistent Global Standards, including our Global Cross-Border Privacy Management System Policy and intragroup agreements, and are governed by applicable laws and multilateral frameworks.
Data Privacy Framework
D&B U.S. Entities comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) for personal data transfers from the EEA, UK, and Switzerland. Unresolved complaints may be referred to TRUSTe for dispute resolution at no cost. For employment-related data, D&B cooperates with relevant data protection authorities.
Cross Border Privacy Rules System
D&B complies with the APEC Cross Border Privacy Rules System (CBPRs) for transfers among participating APEC member economies. Unresolved privacy concerns may be referred to TRUSTe for dispute resolution at no cost.
Our Approach to Digital Operational Resilience
Resilience is a core ethical principle guiding D&B’s operations and long-term success. Our history demonstrates a focus on strategies for continued resilience and operational excellence.