A Transparency Tapestry for Responsible Data Processing
D&B processes data in the United States as well as in other markets in which we have operations, which we refer to as our Owned Markets. Our transfers are managed in accordance with our Consistent Standards, including the 12 Principles of our Global Cross-Border Privacy Management System Policy and our intragroup agreements, and are governed by applicable laws, adequacy decisions regarding the protections in countries in which data is received, and multilateral frameworks for transfer and protection of personal data.
We received our first certification under a regulator-recognized framework, the APEC Cross Border Privacy Rules System (CBPRs), which provides a framework for organizations to ensure protection of personal data transferred among participating APEC member economies.
D&B participates in the Global Cross Border Privacy Rules (CBPR) System. The Global CBPR Forum enables trusted data flows globally through international data protection and privacy certification.
D&B legal entities in the United States (the “D&B U.S. Entities”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. D&B has certified to the U.S. Department of Commerce that the D&B U.S. Entities adhere to the EU-U.S. DPF Principles regarding the processing of personal data received from the EEA in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. D&B has certified to the U.S. Department of Commerce that the D&B U.S. Entities adhere to the Swiss-U.S. DPF Principles regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
D&B U.S. Entities are responsible for the processing of personal data received under the DPF, and subsequently transferred to a third party acting as an agent on behalf of the D&B U.S. Entities. D&B U.S. Entities comply with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The U.S. Federal Trade Commission has jurisdiction over D&B’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. As described in our Personal Data Sharing and Disclosure Section above, in certain situations, D&B U.S. entities may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
For Personal Data other than Employment-Related (Human Resources) Data: In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, D&B U.S. Entities commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles- related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/ to request more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website at https://www.dataprivacyframework.gov/.
Our privacy practices at Dun & Bradstreet as set forth in this Statement, comply with the APEC Cross Border Privacy Rules System (CBPRs). The APEC CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC member economies. More information about CBPRs is available at https://cbprs.org. If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
A copy of our standard contractual clauses referenced in other terms is available here.
There are multiple Contact Forms popups in the page. Only one Contact Form popup could be present on single page. Please reconfigure Contact Forms and refresh the page.