APPLICABILITY AND DEFINITIONS
This privacy notice applies to Dun & Bradstreet Information Services India Private Limited (“D&B”) a part of the Dun & Bradstreet Group, the world's leading source of business information and insight, which has been collecting information about businesses to deliver products and services that assist D&B’s customers in making critical commercial decisions. The Dun & Bradstreet Data Cloud contains data and insights on over 420 million organizations around the globe. Some of the information may be classified as personal information under various laws such as information relating to an individual (for example, a sole trader, a company director, a beneficial owner, a trustee, or a professional contact.) This privacy notice explains how we collect, share and protect personal information.
Further, this notice endeavors to provide an insight into D&B’s collection, use, storage, processing and handling of the business information, which may include Personal Information (“PI”) or the Sensitive Personal Data or Information (“SPDI”), in accordance with extant laws of India, including the Information Technology Act (“Act”) read with the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data or Information) Rules, 2011 (“Rules”).
The term “Personal Information” or PI is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
The term “Sensitive Personal Data or Information” or SPDI is defined under the Rules to include the following information:
However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as SPDI.
WHAT INFORMATION DOES D&B COLLECT AND WHY?
Website Visitors and Other Direct Interactions
Personal Information you provide includes name, address, telephone number, social media handle, email address, employer, job title. D&B collects personal information from website visitors and when you purchase products and services, apply for Dun & Bradstreet D-U-N-S® Numbers; subscribe to email newsletters and alerts, fill out a form / questionnaire to request additional information; participate in community forums; enter a contest; fill out a survey; access video content or white papers; receive free incentives, registers on the links to our webinars, online events (including WhatsApp events).
Personal Information collected in the scope of marketing activities comprising of your personal information may be collected when you participate in promotional activities of D&B; or when D&B conducts webinars, demand generation campaigns; or when D&B disseminates white papers, e-books or similar content; or when you click on landing pages, in the course of pay-per-click or like campaigns, and similar events and methods.
Information collected automatically through computer tracking, may comprise of information about website visitors such as IP address, browser type, or operating system, areas of the website visited and the website from which a visitor came. D&B collects and analyzes such information for the continued improvement of the products, websites, and its business. D&B routinely uses this web log information to administer and improve its website. While some of this information may be traceable to an individual, D&B only seeks to identify individuals (i) whom D&B believes are using its website for improper purposes, (ii) when necessary to assist them with their user experience, (iii) for marketing purposes, including third party marketing , (iv) or to otherwise use the information as described in this policy.
D&B analyzes IP addresses of visitors to its websites and match business information from its various databases and received from third parties against the IP addresses to learn more about what types of businesses are visiting D&B websites and the browsing preferences of such businesses on its websites. D&B uses the information derived from these analytical activities, which may be combined with non-personally identifiable behavioral information received from third parties, to better model and refine D&B’s general marketing activities and may, from time to time and to the extent permitted by law, directly market D&B products and services to these businesses based on the information D&B has learned about their browsing activities while on D&B’s websites. In addition, Hoover’s analyzes IP addresses from Hoover’s products users to match business information from our various databases and received from third parties against users’ IP addresses for D&B’s internal analytical purposes which helps D&B to increase the accuracy of the information in D&B’s various business information databases.
Information, if any, collected via Mobile Devices, providing location-based services on the mobile-optimized versions of products, may collect and use precise location data, including the real-time geographic location of your mobile device or computer. Where available, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your device’s approximate location. Location-based services, such as the mapping features, require collection of your location for the feature to work. You may withdraw consent to its collection, use, transmission, processing and maintenance of location data at any time by not using the products that use location-based features or by turning off Location Services settings (as applicable) on your device and computer.)
D&B does not respond to Do Not Track Signals
D&B does not collect credit card information falling under the definition of SPDI.
Your use of D&B website/s is also considered as consent. By using D&B websites, you hereby consent to collection, use, management, retention, and disclosure of your information by D&B as described herein.
D&B collects information through various products
D&B Email IQ:
The D&B Email IQ application helps users have more informed conversations, save time, and better prepare for meetings with seamless access to business intelligence from the Dun & Bradstreet Data Cloud, accessible through the user's email. The application uses innovative technology powered by machine learning and natural language processing to scan the prospects and customers you are interacting with to provide company firmographics, recommendations on additional contacts, and suggestions for similar companies to pursue.
When a user opts into the installation of D&B Email IQ, the application will access limited data from the emails and calendar invites the user sends and receives in their email environment. The data collected will be limited to email addresses found in the “To” and “From” fields of the emails, as well as the business card information contained in an email signature. d
Anyone whose data was collected via the D&B Email IQ application may opt out of the use of their data by calling D&B at 1-800-234-3867 or emailing firstname.lastname@example.org or at Serviceindia@helpdesk.dnb.com . For more information on D&B Email IQ, please visit our D&B Email IQ FAQs page.
D&B Hoovers maintains a separate professional contacts directory in which your company and individual business contact information may be listed. Hoover's licenses business and professional contact information to authorized resellers and third-party businesses for marketing purposes. Aggregated website visitor data may be used to determine usage patterns or interests of visitors to the website and users of our products, or for purposes related to technical support or security of the website, products and computer systems. Usage information, such as number of reports, types of reports and functions accessed by a particular UserID, may be tracked within the products. We do this to monitor authorized usage of the products, respond to questions from the user, for market research, and to improve the design and functionality of the products. We may also aggregate corporate or industry information accessed by all of our customers. We do this in order to appreciate the types of companies and industries for which our customers require information, which in turn improves the quality of the products. We do not correlate the accessed corporate or industry information to a specific user or to a particular organization.
D&B collects information on businesses and business professionals, which business information is commercial data and includes the following examples:
The afore referred commercial data may comprise of PI. D&B collects the information, including the passwords, of its customers for purpose of rendering the services subscribed by them. D&B data originates from:
The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organizations, industries and markets. D&B also licenses professional business contact information for marketing and data management purposes.
HOW WE USE AND SHARE PERSONAL INFORMATION
From time to time, D&B compiles online and offline transaction and registration information for internal analyses, such as market research, quality assurance, customer experience, and operational benchmarking initiatives. D&B may use IP address information for analytical purposes and in some of our products and services.
When necessary or appropriate, we may disclose information in response to a court order, subpoena, law enforcement proceeding, regulatory inquiry or when otherwise legally required. Also, be advised that D&B sometimes receives requests (e.g., court order, subpoena, or law enforcement proceeding) for personal information from public authorities to meet national security or law enforcement requirements, or in other legal matters. In responding to those requests D&B’s response will be limited (a) to the extent necessary to meet national security, public interest, or law enforcement requirements or (b) by statute, government regulation or case law that creates conflicting obligations or explicit authorizations.
D&B uses the information that we collect to operate our websites and offer customers a variety of business and personal contact information products and services. This information may be used to help our customers make decisions related to business credit, risk management, supplier due diligence, and investigations, and marketing decisions. D&B also uses the information that it collects to carry out transactions that its customers request or authorize. D&B licenses professional business contact information to authorized resellers and third-party businesses for marketing and data management purposes.
D&B may use your professional business contact information to match it with other public and private sources in order to create segments of information, such as demographic, behavioral and technical information, extracted from the underlying data, for use by D&B and/or third parties to target advertising messages to you on third-party sites and services. You have advertising opt-out options.
D&B collects and shares personal information to help its customers with their due diligence investigations on businesses and individuals. However, D&B does not permit its customers to use its information as a factor in establishing an individual’s eligibility for credit or insurance to be used primarily for personal, family, household or employment purposes.
D&B shares information with third party service providers, such as auditors, attorneys, consultants, contractors, in order to support D&B’s websites and business operations. D&B contractually requires that these recipients only use the information for the intended purpose of the disclosure and that they destroy or return the information when it is no longer needed. D&B may also disclose the information as required or appropriate in order to protect its website, business operations or legal rights, or in connection with a sale or merger involving D&B assets or businesses.
From time to time, D&B compiles online and offline transaction and registration information for internal analyses, such as market research, quality assurance, customer experience, and operational benchmarking initiatives. D&B may use IP address information collected from customers for analytical purposes and in some of our products and services.
D&B may share your business contact information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your business relevant information only as necessary to provide these services to D&B. For example, some services include the following or similar services:
Akamai may have access to application traffic of D&B public websites and service offerings. This permits Akamai to provide D&B with the services of a web application firewall, providing protection against malicious use and distributed denial of service attacks.
For the purpose of providing access to certain products and services, you will be required to log into D&B’s software application using the password unique to your login. By logging into the D&B software applications you consent D&B to process your password to provide you access to the D&B products and offerings.
WHO DOES D&B SHARE THIS INFORMATION WITH?
D&B shares its commercial data, which may include PI:
D&B may also disclose PI:
Data Storage and retention:
The data is retained by D&B as per the retention period prescribed under the applicable laws of India read with D&B record retention policy. The data is at retained at D&B managed and controlled locations within and outside India.
D&B uses the business information that it obtains to produce scores and ratings. It may also carry out customized profiles for its customers, which are business entities. D&B uses highly developed scoring models and algorithms, based on previous similar circumstances, adverse events and economic forecasts to produce a score. D&B recommends to its customers on how to interpret and use the scores. D&B customers may choose to use D&B scores alone or combine the scores with other information available to them, in which latter case, D&B shall not be accountable or responsible in any manner whatsoever. D&B customers’ decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. D&B scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. D&B does not make any decisions about an organization, D&B neither hold blacklists nor tell the customers whether to trade with an organization or not.
If the PI is transferred to recipients outside India, D&B is required to comply with the Rules for such transfers, which requires the recipient outside India to provide the same level of data protection to the PI, as prescribed under the Rules.
If any of your information is inaccurate you have a right to request rectification. D&B is very keen to ensure the data it holds is accurate and up to date. If you object to D&B processing your information and/or request it to be deleted or restricted, D&B undertakes to ensure your interests, fundamental rights and freedoms are properly balanced against D&B’s legitimate interests. Before D&B is able to provide you with any information or correct any inaccuracies D&B may ask you to verify your identity and to provide other details to help D&B identify you and respond to your request.
Objecting to receiving direct marketing requests: D&B will always observe your objection to receiving either its marketing or to D&B passing on your contact details to third parties for their direct marketing purposes.
Notice of correction: Any organization can ask D&B to correct, remove or amend any information on their report. D&B will contact you within reasonable days of receiving your email to let you know that D&B has either removed or amended the entry, or taken no action.
For any of the above you may reach out to D&B on Serviceindia@helpdesk.dnb.com explicitly mentioning your requirement.
HANDLING CUSTOMERS’ DATA
Sometimes customers provide D&B along with their business information, information on their customers, suppliers or prospects, which may contain PI, for purpose of providing them with the required services. D&B handles such information that its customers provide in accordance with the agreement/s executed between D&B and such customers for the purposes as contemplated under such agreement/s.
D&B maintains commercially reasonable security measures to protect personal information against unauthorized access and disclosure and that are consistent with D&B’s business operations and generally accepted industry standards. These measures include the implementation of technical, physical and administrative security safeguards. D&B requires employees to complete privacy and security training. D&B also implements a third-party service provider due diligence program to ensure that its vendors likewise employ adequate data collection, processing, transfer, management and security measures in carrying out their services on its behalf.
D&B does not necessarily control how you send D&B your personal information. Therefore, D&B cannot always ensure or warrant the security of any information that you transmit to D&B. You agree that you provide this information and engage in such transmissions at your own risk. Once D&B receives information from you, it will endeavor to maintain its security on its systems. D&B has established policies and procedures for securely managing information and protecting data against unauthorized access and to continually assess its data privacy, information management and data security practices. D&B complies with the security principles and controls located at https://www.dnb.com/about-us/company/our-security.html. D&B does this in the following ways:
UPDATING THIS PRIVACY NOTICE
D&B strives for continuous improvement in its services, processes and protecting PI. D&B will therefore update this privacy notice from time to time. Therefore, D&B advises you to check this notice on a regular basis.
All complaints or concerns and appropriate resolution relating to the practices of handling PI may be sent on Serviceindia@helpdesk.dnb.com and a copy thereof may be posted to Legal & Compliance Team at Dun & Bradstreet Information Services India Private Limited, 7th Floor, Godrej BKC, Bandra (East), Mumbai – 400 051.
OTHER DUN & BRADSTREET GROUP ENTITIES
This Privacy Notice does not apply Dun & Bradstreet Group entities outside of India. The privacy notices of the Dun & Bradstreet Group entities outside of India is available at https://www.dnb.com/utility-pages/privacy-policy.html.
For more information regarding this Privacy Notice, you can contact:
Legal & Compliance Team
Dun & Bradstreet Information Services India Private Limited
7th Floor, Godrej BKC, Bandra Kurla Complex, Bandra East, Mumbai – 400 051
This Privacy Notice shall be effective from 25th February 2022.