Effective Date: January 17, 2019
For these purposes, PII is defined as information which, by itself, identifies a specific person or provides sufficient information to contact a person. CEUD is information about a customer’s energy usage when associated with any information that can reasonably be used to identify the customer. CEUD is collected by DLC’s metering system and through customers’ participation in energy efficiency programs, renewable energy programs, and demand side management.
DLC collects and retains Customer Information that is reasonably necessary for DLC to service its customers, effectively manage its business operations, and meet its regulatory and compliance obligations.
As required by the Pennsylvania Public Utility Commission (PAPUC), DLC provides Customer Information to third party electricity suppliers to enable them to offer DLC customers electricity at competitive rates.
Unless otherwise prohibited by law, DLC may share Customer Information with third parties with whom it has a business relationship, such as affiliate companies, business partners, and contractors, or when that information is reasonably necessary for DLC business operations, such as:
- Answering a customer inquiry, including through an agent, attorney or legislative representative
- Providing or supporting a requested product or service
- Fulfilling the operational needs of the electrical system or grid
- Providing services as required by state or federal law or as authorized, ordered, or directed by the PAPUC or by other regulatory entities
- Providing or billing for electrical service, including the collection of payment
- Investigating, resolving and managing legal claims
- Responding to PAPUC questions or concerns Planning, operating, and evaluating special programs, such as energy conservation, demand response, energy efficiency, or customer assistance
DLC may collect and maintain information pertaining to children under the age of 13 when required for customer assistance programs or other business purposes; however, such information is not knowingly collected from minors directly.
DLC may disclose Customer Information when required by law or to comply with a judicial proceeding, a subpoena, a court order or other legal process. DLC also may disclose Customer Information when reasonably necessary to comply with an order or direction from the PAPUC. DLC will disclose customer information with an authorization or request from the customer.
DLC has implemented administrative, technical, and physical safeguards, as well as third party management controls and limitations on data shared, designed to protect Customer Information from unauthorized access, use, modification, or disclosure. While no set of controls can provide absolute security, these measures reflect the value that DLC places on Customer Information. DLC will retain Customer Information for as long as is reasonably necessary to meet its business needs and regulatory and compliance obligations.
AGGREGATE AND PUBLIC INFORMATION
DLC may aggregate multiple customers’ CEUD in various formats so that individual customer’s CEUD remains anonymous. Similarly, DLC maintains certain non-privileged, publicly available information about its customer base. This information may include general characteristics of the DLC customers’ total load and generation mix as well as general information regarding rates and customer participation in various programs.
This aggregated information and public information relates to electricity usage of groups of customers or broad categories of customers (e.g. industrial business, residential, etc.). The information is collected from a sufficiently large group of customers so as to make it highly improbable that the third party receiving such information could deduce the identities and/or electricity usage of individual customers.
INFORMATION ABOUT THE DLC WEBSITE AND MOBILE APPLICATION
DLC automatically collects certain information from visitors to the DLC website and users of the DLC mobile application, including browser information, domain names, the date and time a visitor accesses the website or mobile application, information viewed while visiting the website or mobile application, carrier providers, a unique device identifier (a string of alphanumeric characters (similar to a serial number) used to uniquely identify and distinguish each mobile phone or other wireless communications device.), geo-location information (if allowed by the user), the types of mobile devices accessing the mobile application, and the types of operating systems accessing the mobile applications. This information is used for statistical purposes, to measure the use of the website or mobile application, to improve its content and DLC’s customer service, and to diagnose and correct technical problems. Some DLC website pages may use “cookies.” A cookie is a piece of data stored on a visitor’s computer that helps DLC improve access to the site and make it more user friendly and customize information. If desired, visitors should follow their browser’s instructions to delete and/or block cookies.
DLC also may administer surveys from the DLC website or mobile application to gather information about its customers and their use of energy or related products and services, or to obtain customer views on other matters to help DLC provide better customer service. Participation in these surveys is voluntary.
The DLC website and mobile application may contain links to other websites or mobile applications that may be of interest or benefit to its customers and others. DLC is not responsible for the content or privacy practices of these other websites or mobile applications.
Accessing DLC mobile application using biometric authentication tools.
Customers may choose to access their DLC mobile application account using Face ID or Touch ID (Apple), Trusted Face or Fingerprint (Android), or other biometric authentication tools available to them through their mobile device. Currently, the DLC mobile application is available for download in the Apple App Store and Google Play store and is designed to work with Apple’s Face ID and Touch ID, as well Android’s Trusted Face and Fingerprint biometric authentication tools (“Biometric Authentication Tools”). Customers can access their DLC account through the DLC mobile application using the Biometric Identification Tools if (i) their mobile device supports the Biometric Authentication Tools, and (ii) they enable the Biometric Authentication Tools functionality on their mobile device and confirm that they want to use the Biometric Authentication Tools to sign into their DLC account through the DLC mobile application.
Face ID and Touch ID are authentication tools provided by Apple and are governed by Apple’s policies related to their use. Apple’s policies and information concerning Face ID can be accessed here, and Apple’s policies and information concerning Touch ID can be accessed here. Similarly, Trusted Face and Fingerprint are authentication tools offered on many Android mobile devices and are governed by Android’s security best practices and policies, accessible here.
DLC has no control over the Biometric Authentication Tools and does not have access to any customer biometric data that may be retained by such tools. DLC is not responsible for any issues arising from a customer’s decision to use the Biometric Authentication Tools to access his or her DLC account, and DLC shall not be liable for any unauthorized access to or unauthorized use of a customer’s biometric data or other Customer Information that is caused by a customer’s use of the Biometric Authentication Tools.
CHANGES AND INFORMATION