The creation of knowledge supports Dun & Bradstreet’s core purpose
Applicability and definitions
This privacy notice applied to Dun & Bradstreet Information Services India Private Limited (“D&B”) a part of the Dun & Bradstreet Group, the world's leading source of business information and insight, which has been collecting information about businesses to deliver products and services that assist D&B’s customers in making critical commercial decisions.
This notice endeavors to provide an insight into D&B’s collection, use, storage, processing and handling of the business information, which may include Personal Information (“PI”) or the Sensitive Personal Data or Information (“SPDI”), in accordance with extant laws of India, including the Information Technology Act (“Act”) read with the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data or Information) Rules, 2011 (“Rules”).
The term “Personal Information” or PI is defined under the Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
The term “Sensitive Personal Data or Information” or SPDI is defined under the Rules to include the following information:
However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as SPDI.
What information does D&B collect and why?
D&B collects information on businesses and business professionals, which business information is commercial data and includes the following examples:
The afore referred commercial data may comprise of PI. D&B collects the information, including the passwords, of its customers for purpose of rendering the services subscribed by them.
D&B data originates from:
The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organizations, industries and markets. D&B also licenses professional business contact information for marketing and data management purposes.
Who does D&B share this information with?
D&B shares its commercial data, which may include PI:
D&B may also disclose PI:
D&B uses the business information that it obtains to produce scores and ratings. It may also carry out customized profiles for its customers, which are business entities. D&B uses highly developed scoring models and algorithms, based on previous similar circumstances, adverse events and economic forecasts to produce a score. D&B recommends to its customers on how to interpret and use the scores. D&B customers may choose to use D&B scores alone or combine the scores with other information available to them, in which latter case, D&B shall not be accountable or responsible in any manner whatsoever. D&B customers’ decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. D&B scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. D&B does not make any decisions about an organization, D&B neither hold blacklists nor tell the customers whether to trade with an organization or not.
If the PI is transferred to recipients outside India, D&B is required to comply with the Rules for such transfers, which requires the recipient outside India to provide the same level of data protection to the PI, as prescribed under the Rules.
If any of your information is inaccurate you have a right to request rectification. D&B is very keen to ensure the data it holds is accurate and up to date. If you object to D&B processing your information and/or request it is deleted or restricted, D&B undertakes to ensure your interests, fundamental rights and freedoms are properly balanced against D&B’s legitimate interests. Before D&B is able to provide you with any information or correct any inaccuracies D&B may ask you to verify your identity and to provide other details to help D&B identify you and respond to your request.
Objecting to receiving direct marketing requests: D&B will always observe your objection to receiving either its marketing or to D&B passing on your contact details to third parties for their direct marketing purposes.
Notice of correction: Any organization can ask D&B to correct, remove or amend any information on their report. D&B will contact you within reasonable days of receiving your email to let you know that D&B has either removed or amended the entry, or taken no action.
For any of the above you may reach out to D&B on ServiceIndia@DNB.com explicitly mentioning your requirement.
Handling Customers’ data
Sometimes customers provide D&B along with their business information, information on their customers, suppliers or prospects, which may contain PI, for purpose of providing them with the required services. D&B handles such information that its customers provide in accordance with the agreement/s executed between D&B and such customers for the purposes as contemplated under such agreement/s.
D&B maintains commercially reasonable security measures to protect personal information against unauthorized access and disclosure and that are consistent with D&B’s business operations and generally accepted industry standards. These measures include the implementation of technical, physical and administrative security safeguards. D&B requires employees to complete privacy and security training. D&B also implements a third-party service provider due diligence program to ensure that its vendors likewise employ adequate data collection, processing, transfer, management and security measures in carrying out their services on its behalf.
D&B does not necessarily control how you send D&B your personal information. Therefore, D&B cannot always ensure or warrant the security of any information that you transmit to D&B. You agree that you provide this information and engage in such transmissions at your own risk. Once D&B receives information from you, it will endeavor to maintain its security on its systems. D&B has established policies and procedures for securely managing information and protecting data against unauthorized access and it continually assess its data privacy, information management and data security practices. D&B does this in the following ways:
Updating this Privacy Notice
D&B strives for continuous improvement in its services, processes and protecting PI. D&B will therefore update this privacy notice from time to time. Therefore, D&B advises you to check this notice on a regular basis.
All complaints or concerns and appropriate resolution relating to the practices of handling PI may be sent on ServiceIndia@DNB.com and a copy thereof may be posted to Legal & Compliance Team at Dun & Bradstreet Information Services India Private Limited, ICC Chambers, Saki Vihar Road, Powai, Mumbai - 400 072.
Other Dun & Bradstreet Group Entities
This Privacy Notice does not apply to Dun & Bradstreet Group companies based in the European Union or the United Kingdom, or when any Dun & Bradstreet Group company processes data relating to residents of the European Union under the General Data Protection Regulation (“GDPR”). In such cases please see the EU and UK Privacy Notice (https://www.dnb.co.uk/utility-pages/privacy-policy.html).
This Privacy Notice does not apply to Dun & Bradstreet Group companies based in the People’s Republic of China, and their collection and sale of such information. In such cases, please see the China Privacy Notice (https://www.dnbchina.com/privacy.html).
This Privacy Notice does not apply to Dun & Bradstreet Group Companies based in Canada and their collection and sale of personal information. In such cases, please refer to (https://www.dnb.com/ca-en/utility-pages/privacy-policy.html).
This Privacy Notice does not apply Dun & Bradstreet Group entities based in the U.S. and their collection and slae of such information. In such cases, please see the privacy notice available at (https://www.dnb.com/utility-pages/privacy-policy.html).
Updated on 10th March, 2021