7th July 2017
Dun & Bradstreet (D&B) is the world's leading source of business information and insight. Since 1841, Dun & Bradstreet has collected information about businesses to deliver products and services that assist our customers in making critical commercial decisions. Dun & Bradstreet's global business database contains more than 265 million business records. Some of the information we collect may be classified as "personal data" under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.
This privacy notice is applicable to all Dun & Bradstreet companies registered in the EU and those outside the EU when they carry out business information activities on residents of the EU or offer goods or services to businesses in the EU. The Data Protection Officer for D&B can be contacted on EUDPO@DNB.COM.
What Information Do We Collect and Why?
D&B processes data so that it can supply commercial data about organisations to other organisations. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets.
We also licence or sell professional business contact information to authorized resellers or organisations for marketing and data management purposes.
Therefore we collect information on businesses and business professionals. This is our "Commercial Data" and includes the following examples:
- Company and business professional contact information, including name, job title, address, phone number, fax number, e-mail address, domain names, and trade associations;
- Detailed company profiles and statistics, including number of employees;
- Background information regarding company management, such as beneficial ownership/persons of significant control, the educational and career histories of company principals;
- Company operational histories, including territories, subsidiaries, affiliates, and lines of business;
- Detailed trade and business credit information, including payment histories and patterns;
- Business information regarding profitability, debts, assets, net worth, and business relationships;
- Business compliance information from public source government and professional records, media and business publications;
- Newspaper and media reports of criminal convictions
For our own business purposes we also collect information such as:
- Credit/debit card information in order to process certain customer payments
- Contact details of actual or potential customers (D&B's "Marketing Data")
D&B does not seek to collect any information in relation to a European resident's race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.
Our data originates from
- An organisations' creditors and suppliers
- Data vendors
- Governmental and administrative public records such as business registrations, company filings, court and bankruptcy filings
- Public sector information (e.g. Charity Commission, Company Registrars)
- Regulatory bodies and law enforcement agencies
- D&Bs World Wide Network Partners
Our Marketing Data originates from our customer base, previous customers, D&B products, public sources, events, promotions, content syndication and website visitors.
Who do we share this information with?
We don't share our Marketing Data with anyone.
We share our Commercial Data (and that may include personal data) we collect with:
- Worldwide Network Partners - independent business information providers across the world with whom we have entered into commercial agreements to help achieve a leading competitive position internationally in providing business information.
- Customers - businesses and organisations with whom we enter into agreements to purchase or access our data.
- Resellers - we licence professional business contact information to authorized resellers and third party businesses for marketing and data management purposes.
- Service providers - such as credit card processors, auditors, advisors, consultants, live help/chat providers and contractors, in order to support Dun & Bradstreet's websites and business operations. We contractually require these recipients to only use personal data for the intended purpose of the disclosure and that they destroy or return it when it is no longer needed.
We may also disclose personal data:
- As required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving Dun & Bradstreet assets or businesses. (In the event that Dun & Bradstreet is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred).
- To a court, tribunal administrative authority law enforcement agencies, regulatory authorities or government agencies. If based in a country outside the EU we would only comply with such a request if there was an international agreement (such as a mutual legal assistance treaty) in place.
We use the information we obtain in order to produce scores and ratings such as D&B's Failure and Delinquency Scores, the D&B Rating, D&B's Maximum Credit and the D&B Payment Score. We may also carry out customised profiles for our customers. We use highly developed scoring models and algorithms, based on previous similar circumstances, adverse events and economic forecasts to produce a score.
We recommend to our customers how to interpret and use our scores. Our customers may choose to use our scores alone or combine the scores with other information available to them. Their decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. Our scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. We do not make any decisions about an organisation - we do not hold blacklists and we do not tell our customers whether to trade with an organisation.
We transfer personal data to recipients outside the EU and rely on adequacy decisions, data transfer agreements or other EU approved mechanisms for such transfers. Dun & Bradstreet Inc is certified with the Privacy Shield and ensures all its customers agree to the Privacy Principles. If you require further information on this please contact the Data Protection Officer on EUDPO@dnb.com.
Personal data is stored for varying lengths depending on the nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected. Where there is a statutory maximum for which data can be retained, such as County Court Judgements we will delete accordingly on expiration.
Grounds of Processing
In technical legal terms we process personal data under the ground of "legitimate interest". D&Bs legitimate business interest is the supply of commercial data (and the marketing of our business). The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets. We also licence or sell professional business contact information to authorized resellers or organisations for marketing and data management purposes.
Data Subject Rights
You have the right to request from us confirmation of whether we are processing your personal data, and if so access to that information.
If you are a non-limited company (a sole trader or a partner) you can contact us to obtain a copy of your credit report based on the information we hold about you. There is a fee of £2 for this report.
If any of your personal data is inaccurate you have a right to request rectification. We are very keen to ensure the data we hold is accurate and up to date.
You have the right to object to our processing and/or request it is deleted or restricted. In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected.
We will always observe your objection to receiving either our Dun & Bradstreet marketing or to us passing on your contact details to third parties for their direct marketing purposes: please contact Customer Services including the name, business name, address, telephone number and email address that you wish to have excluded.
Before we are able to provide you with any information or correct any inaccuracies we may ask you to verify your identity and to provide other details to help us identify you and respond to your request.
We strive for continuous improvement in our services, processes and protecting data subject rights. We will therefore update this privacy notice from time to time. Therefore, we advise you to check this notice on a regular basis, or if requested we will send it to you on a regular basis.
All complaints or concerns and appropriate resolution relating to the practices of handling personal information will be logged. Any complaints of this nature should be made to Customer Services or the EU Data Protection Officer at EUDPO@dnb.com at:
Dun & Bradstreet Limited
Bucks SL7 1AJ
You also have the right to lodge a complaint with a supervisory authority.