“To talk to customers, talk to us.”

D&B Data: Privacy & Oversight

Data Privacy & Oversight Is Important To Us

MailingListsXPRESS, a unit of Infinite Media Concepts, is a Dun & Bradstreet partner, and as such has access to all D&B business databases. As processor of the data, we share the same sense of responsibility to maintain world-class standards regarding data stewardship and privacy, including full GDPR compliance.

Since 1993, we have delivered D&B business data to our customers in the B2B direct marketing sphere. The global business database contains more than 300 million business records. Some of the information in the business records may be classified as personal information under various laws such as information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact.)

This privacy notice explains how D&B business data is protected and proper use is ensured.

Applicability – Legal Entities and Websites

This Privacy Notice does not apply to MailingListsXPRESS/UK, or when any Infinite Media Concepts LLC company processes data relating to residents of the European Union. In such cases please see the MailingListsXPRESS/UK Privacy Notice, including GDPR compliance, which follows. This Privacy Notice also covers transfers of data relating to residents of the European Union to the United States pursuant to Dun & Bradstreet’s Privacy Shield certification.

This Privacy Notice applies to the following Infinite Media Concepts companies and web domains: Mailinglists.com, MailingListsXPRESS.com, and Infinite-Media.com. These entities and lines of business will be referred to collectively as “Infinite Media” in this notice.

These sites may provide links to U.S. D&B, non-U.S. D&B, and non-Infinite Media websites that may have different privacy notices. Visitors are encouraged to carefully read the online privacy notices of these other websites to ensure that their practices and the relevant distinctions are understood.

What Information Is Collected

Dun & Bradstreet collects information on businesses and business professionals. This includes information collected offline from business owners and principals, from businesses’ creditors, vendors, third parties and suppliers, and from public records such as business registrations, Uniform Commercial Code filings and bankruptcy filings. MDR collects information on educational institutions and professionals. Dun & Bradstreet has a right to publish information on businesses that may be a factor in our customers’ decision making involving credit, insurance, marketing and other activities. The business information that is collected includes the following:

  • Company and business professional information, including business contact information such as name, title, address, phone number, fax number, and e-mail address, domain names, and trade associations
  • Detailed company profiles and statistics, including number of employees
  • Background information regarding company management, such as beneficial ownership/persons of significant control, the educational and career histories of company principals
  • Company operational histories, including territories, subsidiaries, affiliates, and lines of business
  • Detailed trade and business credit information, including payment histories and patterns
  • Summary business information regarding profitability, debts, assets, net worth, and business relationships
  • Business compliance information from public source government and professional records, media and business publications
  • Educational institutional profiles and statistics, including educational subject matter specialties and number of employees
  • Background information regarding educational institutional management, such as the educational and career histories of school deans and principals
  • IP addresses, geolocation, comments on social media is collected and aggregated and used to analyze trends regarding Dun & Bradstreet products and services
  • Credit/debit card information in order to process certain customer payments
Privacy Shield – Transfers of Personal Information from the EU/EEA & Switzerland to the U.S.

Infinite Media Concepts and its legal entities comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.

In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to Privacy Shield, Infinite Media Concepts may be potentially liable. Infinite Media Concepts Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our pending certification, please visit https://www.privacyshield.gov/

NOTE: In the event that the recipient of an offer sent by a third party user of D&B data wishes to be suppressed from subsequent B2B campaigns, they may submit that request directly on the Dun & Bradstreet website.

MailingListsXPRESS/EU Privacy Notice – GDPR Compliance

Some of the information D&B collects may be classified as “personal data” under European Union (EU) law as it is information relating to an individual (e.g. a sole trader, a partnership, a company director, a beneficial owner, a trustee, a professional contact etc). This privacy notice provides the information we are required to give in relation to the processing of personal data under EU law.

This privacy notice is produced in accordance with the General Data Protection Regulation 2016/679 and applies to all Dun & Bradstreet companies and partners – including MailingListsXPRESS/UK as processor – registered in the EU and those outside the EU when they carry out business information activities on residents of the EU or offer goods or services to businesses in the EU. The Data Protection Officer for D&B can be contacted on EUDPO@dnb.com.

What Information Does D&B Collect, And Why?

D&B processes data so that it can supply commercial data about organizations to other organizations. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organizations, industries and markets.

D&B also licenses or sells professional business contact information for marketing and data management purposes. This is the primary business of MailingListsXPRESS/UK.

Therefore D&B collects information on businesses and business professionals. This “Commercial Data” includes the following examples:

  • Company and business professional contact information, including name, job title, address, phone number, fax number, e-mail address, domain names, and trade associations
  • Detailed company profiles and statistics, including number of employees
  • Background information regarding company management, such as beneficial ownership/persons of significant control, the educational and career histories of company principals
  • Company operational histories, including territories, subsidiaries, affiliates, and lines of business
  • Detailed trade and business credit information, including payment histories and patterns
  • Business information regarding profitability, debts, assets, net worth, and business relationships
  • Business compliance information from public source government and professional records, media and business publications
  • Newspaper and media reports of criminal convictions

D&B does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

D&B Data originates from:

  • Organizations providing information directly to D&B
  • Creditors and suppliers of an organization
  • Data vendors
  • Governmental and administrative public records such as business registrations, company filings, court and bankruptcy filings
  • Public sector information (e.g. Charity Commission, Company Registrars)
  • Regulatory bodies and law enforcement agencies
  • D&B World Wide Network Partners

Unless customers have explicitly agreed otherwise, personal data is not obtained from the data customers supply in order to be provided with a service. Data that customers have provided in order to receive a service is processed in accordance with the “Handling Customer’s Data” section below.

With Whom Is This Information Shared?

Collected Commercial Data (that may include personal data) is shared with:

  1. Worldwide Network Partners – independent business information providers across the world who have entered into commercial agreements with D&B to help achieve a leading competitive position internationally in providing business information.
  2. Customers – businesses and organizations who have agreed to license or access D&B data. Customers enter into these agreements or licenses with D&B because they wish to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations, better understand organizations, industries and markets or carry out direct marketing.
  3. Resellers – D&B licenses information to authorized resellers – such as Infinite Media – and third party businesses for reselling.
  4. Service providers – such as credit card processors, auditors, advisors, consultants, live help/chat providers and contractors, in order to support Dun & Bradstreet’s websites and business operations. D&B contractually requires these recipients to only use personal data for the intended purpose of the disclosure and that they destroy or return it when it is no longer needed.

D&B may also disclose personal data:

  • As required or appropriate in order to protect our website, business operations or legal rights, or in connection with a sale or merger involving D&B assets or businesses. (In the event that D&B is purchased or sells parts or all of the business, the information collected will be considered an asset that can be transferred).
  • To a court, tribunal administrative authority law enforcement agencies, regulatory authorities or government agencies. If based in a country outside the EU D&B would only comply with such a request if there was an international agreement (such as a mutual legal assistance treaty) in place.
Profiling

D&B obtains information in order to produce scores and ratings such as D&B’s Failure and Delinquency Scores, the D&B Rating, D&B’s Maximum Credit and the D&B Payment Score. Customized profiles for customers may also be carried out. Highly developed scoring models and algorithms are used, based on previous similar circumstances, adverse events and economic forecasts to produce a score.

Customers get recommendations regarding how to interpret and use these scores. Customers may choose to use D&B-generated scores alone or combine the scores with other information available to them. Their decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. D&B scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. D&B does not make any decisions about an organization – nor does it hold blacklists or tell our customers whether to trade with an organization.

International transfers

D&B transfers personal data to recipients outside the EU and relies on adequacy decisions, data transfer agreements or other EU approved mechanisms for such transfers. Dun & Bradstreet Inc is certified with the Privacy Shield and ensures all its customers agree to the Privacy Principles. If further information is required on this please contact the Data Protection Officer on EUDPO@dnb.com.

Data Retention

Personal data is stored for varying lengths depending on the nature and purpose for which it was collected. D&B stores personal data in line with any applicable statutory minimum periods, and then reviews it periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected. Where there is a statutory maximum for which data can be retained, such as County Court Judgements such data will be deleted accordingly on expiration.

Grounds of Processing

In technical legal terms Infinite Media processes personal data under the ground of “legitimate interest”. This legitimate business interest is the supply of commercial data to customers. The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organizations, industries and markets. Infinite Media/MailingListsXPRESS also licenses or sells professional business contact information to authorized resellers or organizations for marketing and data management purposes.

Data Subject Rights

Data subjects have the right to request from Infinite Media/D&B confirmation of whether personal data is being processed, and if so access that information. If any of your personal data is inaccurate subjects have a right to request rectification. Infinite Media and D&B are dedicated to ensuring the data is accurate and up to date. Please visit this link for further information about how to request access to your information. This may take up to 28 days, however you may be able to obtain specific information about your personal data immediately by contacting Customer Services.

Data subjects have the right to object to processing of personal data and/or request it is deleted or restricted. In considering any response D&B strives to ensure personal interests, fundamental rights and freedoms are properly balanced against legitimate interests. D&B will also look at whether it is still necessary to process a subject’s data for the purpose it was collected. Please contact Customer Services for more information.

Before D&B is able to provide any information or correct any inaccuracies we may ask to verify the identity of a subject and to provide other details to help with identification and response to the request.

Objecting To Receiving Direct Marketing

Infinite Media/D&B will always observe your objection to receiving either our Dun & Bradstreet marketing or to the passing on of contact details to third parties for their direct marketing purposes: Subjects can either contact Customer Services including the name, business name, address, telephone number and email address to be excluded, or do this by following these links:

Click here to opt out of receiving information about Dun & Bradstreet products and services

Click here to opt out of receiving information from our customers

For further assistance, contact D&B’s data protection officer at any time on EUDPO@dnb.com.

Additional Rights In Relation To Credit Reporting
Statutory Report

If an organization is unincorporated (e.g a sole trader) or a small partnership (up to 3 partners) a copy of your credit report may be obtained based on the information we hold about that organization. Again we may ask that certain information be provided to allow identification of the correct file. This privacy notice applies to how we collect and how Infinite Media/D&B use the information provided to process an application for a statutory credit report.

Notice Of Correction

Any organization can ask Infinite Media/D&B to correct, remove or amend any information on their report by contacting Customer Services. Applicants will be contacted within 28 days of receiving the email inquiry to be informed that the entry has either been removed or amended, or that no action was taken. If D&B has amended the file, a copy of the amended entry will be provided.

Within 28 days of us contacting you, you may contact us again to ask us to add a notice of correction to your file (unless we have told you we have removed the incorrect entry from your file). If you want to do this, you will need to send us your notice of correction (up to 200 words). We will then confirm receipt and let you know that we will add the notice to the file. If you do not hear from us within 28 days, or we think it would be improper to publish the notice of correction (for example, because it is incorrect), then either you or we may apply to the Financial Conduct Authority (if you are a sole trader, small partnership or unincorporated association) or the Information Commissioner, (where the error relates to personal data about an individual) as appropriate, who may order as they see fit. There is a statutory fee and prescribed form for this.

Please click here for complaints relating to our credit scoring.

Handling Our Customers’ Data

Sometimes customers provide their business data, such as their customer, supplier or prospect data – which may contain personal data – in order for Infinite Media/D&B to provide them a service. In these instances Infinite Media/MailingListsXPRESS/D&B are the processor of any personal data contained in their data. Different parts of the GDPR apply when we act as a processor and we take these obligations very seriously. The above notice does not apply to our data received from our customers as this does not become D&B data (unless the customer has expressly agreed to this). The data customers provide is handled in strict accordance with our data processing agreement – and only for the purposes of that agreement.

Updating This Privacy Notice

We strive for continuous improvement in our services, processes and protecting data subject rights. We will therefore update this privacy notice from time to time. Therefore, we advise you to check this notice on a regular basis, or if requested we will send it to you on a regular basis. We are also happy to provide previous versions of this Notice on request.

Complaints

All complaints or concerns and appropriate resolution relating to the practices of handling personal information will be logged. Any complaints of this nature should be made to Customer Services“>Customer Services or the EU Data Protection Officer at EUDPO@dnb.com at:

Dun & Bradstreet Limited
Marlow International Parkway
Marlow
Bucks SL7 1AJ

You also have the right to lodge a complaint with a data protection supervisory authority.

For all other complaints, including complaints relating to credit scoring please visit this link: https://www.dnb.co.uk/customer-complaints.html