Home / Privacy Policy

Applicability and definitions

This privacy notice applied to Dun & Bradstreet Information Services India Private Limited (“D&B”) a part of the Dun & Bradstreet Group, the world's leading source of business information and insight, which has been collecting information about businesses to deliver products and services that assist D&B’s customers in making critical commercial decisions.

This notice endeavors to provide an insight into D&B’s collection, use, storage, processing and handling of the business information, which may include Personal Information (“PI”) or the Sensitive Personal Data or Information (“SPDI”), in accordance with extant laws of India, including the Information Technology Act (“Act”) read with the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data or Information) Rules, 2011 (“Rules”). 

The term “Personal Information” or PI is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

The term “Sensitive Personal Data or Information” or SPDI is defined under the Rules to include the following information:

  1. password;
  2. financial information such as bank account or credit card or debit card or other payment instrument details;
  3. physical, physiological and mental health condition;
  4. sexual orientation;
  5. medical records and history;
  6. biometric information;
  7. any detail relating to the above clauses as provided to the Company for providing services; and
  8. any information received under the above clauses, (a) and/or (b), by a body corporate for collection, use, transferring, processing, possessing, storing, dealing, disclosing and handling under lawful contract or otherwise.

However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as SPDI.

What information does D&B collect and why?

D&B collects information on businesses and business professionals, which business information is commercial data and includes the following examples:

  • Company and business professional contact information, including name, job title, company address, phone number, fax number, e-mail address, domain names, trade associations, incorporation and tax information, and records pertaining thereto;
  • Detailed company profiles and statistics, including number of employees, sales volume, turnover;
  • Background information regarding company management, such as beneficial ownership / persons of significant control, and the educational and career histories of company principals;
  • Company operational histories, including territories, subsidiaries, affiliates, and lines of business;
  • Detailed trade and business credit information, including payment histories and patterns;
  • Business information regarding profitability, debts, assets, net worth, business relationships;
  • Business compliance information from public source government and professional records, media and business publications; 
  • Newspaper and media reports, including court judgments from various trusted online sources;
  • Website and online data including IP addresses, geolocation (latitude / longitude information of the businesses), comments on social media which are collected and aggregated and used to analyze trends regarding Dun & Bradstreet products and services, and to increase accuracy of D&B’s business data sets.
  • Other similar data types;
  • Information required for the purpose of recruitment of employees, however, is covered under a separate notice.

The afore referred commercial data may comprise of PI. D&B collects the information, including the passwords, of its customers for purpose of rendering the services subscribed by them.  

D&B data originates from:

  • Organizations providing information directly to D&B;
  • Creditors and suppliers of an organization;
  • Data vendors;
  • Governmental and administrative public records such as business registrations, company filings, court and bankruptcy filings;
  • Public sector information (e.g. Charity Commission, Company Registrars);
  • Regulatory bodies and law enforcement agencies;   
  • D&B’s Worldwide Network Partners (defined below).

The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organizations, industries and markets. D&B also licenses professional business contact information for marketing and data management purposes.

Who does D&B share this information with?

D&B shares its commercial data, which may include PI:

  • Worldwide Network Partners – independent business information providers across the world with whom D&B has commercial arrangements to help achieve a leading competitive position internationally in providing business information;
  • Customers – businesses and organizations with whom D&B enters into agreements to license or access its commercial data.  D&B customers enter into agreements or licenses with it because they wish to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations, better understand organizations, industries and markets or carry out direct marketing;
  • Resellers – D&B licenses information to authorized resellers and third-party businesses for reselling;
  • Service providers – such as auditors, advisors, consultants, live help/chat providers and contractors, in order to support D&B websites and business operations. D&B contractually requires these recipients to only use PI for the intended purpose of the disclosure and that they destroy or return it when it is no longer needed.

D&B may also disclose PI:

  • As required or appropriate in order to protect D&B website, business operations or legal rights, or in connection with a sale or merger involving D&B assets or businesses. In the event that D&B is purchased or sells parts or all of the business, the information, including the PI, collected will be considered an asset that can be transferred, however, subject to the then extant laws.
  • To a court, tribunal, administrative authority law enforcement agencies, regulatory authorities, government agencies and likes, by whatsoever name called. If based in a country outside India, D&B would only comply with such a request if there was an international agreement (such as a mutual legal assistance treaty) in place.

Profiling

D&B uses the business information that it obtains to produce scores and ratings. It may also carry out customized profiles for its customers, which are business entities. D&B uses highly developed scoring models and algorithms, based on previous similar circumstances, adverse events and economic forecasts to produce a score. D&B recommends to its customers on how to interpret and use the scores. D&B customers may choose to use D&B scores alone or combine the scores with other information available to them, in which latter case, D&B shall not be accountable or responsible in any manner whatsoever. D&B customers’ decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. D&B scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. D&B does not make any decisions about an organization, D&B neither hold blacklists nor tell the customers whether to trade with an organization or not.

International transfers

If the PI is transferred to recipients outside India, D&B is required to comply with the Rules for such transfers, which requires the recipient outside India to provide the same level of data protection to the PI, as prescribed under the Rules.

Rights

If any of your information is inaccurate you have a right to request rectification. D&B is very keen to ensure the data it holds is accurate and up to date. If you object to D&B processing your information and/or request it is deleted or restricted, D&B undertakes to ensure your interests, fundamental rights and freedoms are properly balanced against D&B’s legitimate interests. Before D&B is able to provide you with any information or correct any inaccuracies D&B may ask you to verify your identity and to provide other details to help D&B identify you and respond to your request.

Objecting to receiving direct marketing requests: D&B will always observe your objection to receiving either its marketing or to D&B passing on your contact details to third parties for their direct marketing purposes.

Notice of correction: Any organization can ask D&B to correct, remove or amend any information on their report. D&B will contact you within reasonable days of receiving your email to let you know that D&B has either removed or amended the entry, or taken no action.

For any of the above you may reach out to D&B on ServiceIndia@DNB.com explicitly mentioning your requirement.

Handling Customers’ data

Sometimes customers provide D&B along with their business information, information on their customers, suppliers or prospects, which may contain PI, for purpose of providing them with the required services.  D&B handles such information that its customers provide in accordance with the agreement/s executed between D&B and such customers for the purposes as contemplated under such agreement/s.

Data Security

D&B maintains commercially reasonable security measures to protect personal information against unauthorized access and disclosure and that are consistent with D&B’s business operations and generally accepted industry standards. These measures include the implementation of technical, physical and administrative security safeguards. D&B requires employees to complete privacy and security training.  D&B also implements a third-party service provider due diligence program to ensure that its vendors likewise employ adequate data collection, processing, transfer, management and security measures in carrying out their services on its behalf.

D&B does not necessarily control how you send D&B your personal information. Therefore, D&B cannot always ensure or warrant the security of any information that you transmit to D&B. You agree that you provide this information and engage in such transmissions at your own risk. Once D&B receives information from you, it will endeavor to maintain its security on its systems. D&B has established policies and procedures for securely managing information and protecting data against unauthorized access and it continually assess its data privacy, information management and data security practices. D&B does this in the following ways:

  • Establishing policies and procedures for securely managing information and as may be further addressed in its contractual relationship with a customer;
  • Limiting employee access to sensitive information;
  • Protecting against unauthorized access to customer data by using data encryption, authentication and virus detection technology, as required;
  • Requiring service providers with whom it does business to comply with relevant data privacy legal and regulatory requirements;
  • Monitoring its websites through recognized online privacy and security organizations;
  • Conducting background checks on employees and providing data privacy training to its team members;
  • Continually assessing its data privacy, information management and data security practices.

Updating this Privacy Notice

D&B strives for continuous improvement in its services, processes and protecting PI. D&B will therefore update this privacy notice from time to time. Therefore, D&B advises you to check this notice on a regular basis.  

Complaints

All complaints or concerns and appropriate resolution relating to the practices of handling PI may be sent on ServiceIndia@DNB.com and a copy thereof may be posted to Legal & Compliance Team at Dun & Bradstreet Information Services India Private Limited, ICC Chambers, Saki Vihar Road, Powai, Mumbai - 400 072.

Other Dun & Bradstreet Group Entities

This Privacy Notice does not apply to Dun & Bradstreet Group companies based in the European Union or the United Kingdom, or when any Dun & Bradstreet Group company processes data relating to residents of the European Union under the General Data Protection Regulation (“GDPR”). In such cases please see the EU and UK Privacy Notice (https://www.dnb.co.uk/utility-pages/privacy-policy.html).

This Privacy Notice does not apply to Dun & Bradstreet Group companies based in the People’s Republic of China, and their collection and sale of such information. In such cases, please see the China Privacy Notice (https://www.dnbchina.com/privacy.html).

This Privacy Notice does not apply to Dun & Bradstreet Group Companies based in Canada and their collection and sale of personal information.  In such cases, please refer to (https://www.dnb.com/ca-en/utility-pages/privacy-policy.html).

This Privacy Notice does not apply Dun & Bradstreet Group entities based in the U.S. and their collection and slae of such information. In such cases, please see the privacy notice available at (https://www.dnb.com/utility-pages/privacy-policy.html).

Updated on 10th March, 2021

 

022 4941 6666
Contact us