Updated Effective: May 9, 2023
PRIVACY POLICY
Duquesne Light Company (“DLC”) takes seriously its responsibility to protect its Customers’ information. Accordingly, DLC has developed this Privacy Policy (“Policy”) to explain how it collects, uses, shares, stores and protects Customer Information. This Policy also provides information about the DLC website and mobile applications. For purposes of this Policy, “You” or “Your” refers to any person who accesses or uses DLC’s services or those granted access to such account or services.
DEFINITIONS
Customer: As used in this Policy, a Customer is any person whose Customer Information is collected through any interaction with DLC, including utility account holders, visitors to DLC’s website, and users of DLC mobile application accounts.
Customer Information: A Customer’s Personally Identifiable Information or Consumer-specific Energy Usage Data.
Personally Identifiable Information (“PII”): Information that, when used alone or combined with other information, can be used to identify, distinguish, trace or link to a specific Customer. Examples of PII include name, address, Social Security number, telephone number, driver’s license and state-issued identification numbers, credit card and financial account numbers, utility account number, passport number, and date and place of birth.
Consumer-specific Energy Usage Data (“CEUD”): Information about a Customer’s energy usage (including smart meter readings) when associated with any information that can reasonably be used to identify the Customer.
Service Provider: A third party operating under an agreement with DLC to provide products or services to or on behalf of DLC that are reasonably necessary for DLC’s business operations. All Service Providers are subject to confidentially agreements to protect Customer Information and may not use Customer Information for any purpose other than the purposes specifically agreed to by DLC. Service Providers include, but are not limited to, third parties that provide services relating to electronic bill payment, debt collection, credit card processing, market research and data analysis.
Business Partner: A third party operating under an agreement with DLC to offer products, services, or benefits to eligible DLC Customers related to the Customers’ energy usage or for which the Customers are eligible as DLC utility account holders. All Business Partners are subject to confidentially agreements to protect Customer Information and may not use Customer Information for any purpose other than the purposes specifically agreed to by DLC. Business Partners may include, but are not limited to, third parties offering optional protection plans or programs covering exterior electrical system components.
HOW DLC COLLECTS AND USES CUSTOMER INFORMATION
DLC collects Customer Information in various ways, including information voluntarily provided by Customers to DLC to open electric utility accounts, to determine their eligibility to participate in certain energy programs or services, or to create or modify their online utility accounts. Customer Information is also collected when a Customer contacts DLC by phone, e-mail, on a job site or other means, when Customers use DLC’s online or mobile Customer services, and when any computer or mobile device user visits the DLC website (www.duquesnelight.com) or mobile application. DLC also collects CEUD through its metering system and through Customers’ participation in DLC programs, including but not limited to, energy efficiency, demand response and renewable or alternative energy programs. DLC may obtain information if You choose to access or create an account using your credentials from a third-party social media account, including information from third-party social media accounts and information about other users of Your account if you allow others to access and/or use Your accounts or services.
DLC collects only the minimum necessary Customer Information and uses the Customer Information it collects so it can effectively service its Customers, manage its business operations, and meet its legal, regulatory and compliance obligations. Such usage includes:
- Providing requested products or services;
- Communicating with Customers about their service;
- Billing Customers for services provided and collecting payment;
- Responding to Customers’ questions;
- Improving operational efficiency and Customer service;
- Enhancing fraud monitoring and prevention;
- Developing and promoting special programs, such as energy conservation, demand response, energy efficiency, and Customer assistance;
- Conducting market research and analysis;
- Associating You with Your account or activities on third-party social media accounts, such as Facebook or Google, or other third-party accounts to DLC, for authentication to the extent You choose to access or create an account using your credentials from a third-party social media account;
- Responding to requests from regulatory agencies, including the Pennsylvania Public Utility Commission (the “PA PUC”) and the Federal Energy Regulatory Commission; and
- Complying with a valid warrant, subpoena, discovery request, or court order.
HOW DLC SHARES CUSTOMER INFORMATION
DLC shares Customer Information with third parties, including other users on your account, as required or permitted by law or for legitimate business purposes, including, but not limited to, the following:
- DLC may share Customer Information when reasonably necessary to comply with an order or direction from the PA PUC. For example, DLC is required by the PA PUC to share certain Customer Information with third party electricity suppliers to enable them to offer DLC Customers electricity at competitive rates.
- DLC may disclose Customer Information when required by law or to comply with a judicial proceeding, a subpoena, a court order, or other legal process.
- Unless otherwise prohibited by law, DLC may share Customer Information with DLC affiliates or subsidiaries.
- DLC may share Customer Information with Service Providers working with, or on behalf of, DLC in connection with DLC business operations.
- DLC may share Customer Information with third parties as part of a corporate reorganization, sale, merger, acquisition, or other corporate transaction.
- DLC may share Customer Information with third-party social media accounts for authentication purposes for those Customers who choose to access or create an account using their credentials from a third-party social media account.
- DLC may disclose any information about your account, Customer Information, and use of DLC’s services to authorized users upon appropriate authentication. The primary account owner may also authorize other users to access Customer Information on the account, such as users of a given household, which may include Customer Information about the primary account owner's personal information or use of the services.
DLC otherwise only shares Customer Information with third parties upon Customer request or in accordance with Customer choices regarding the use and disclosure of their information. Unless a Customer’s privacy choices or applicable law or regulation provide otherwise, DLC may share Customer Information (not including Customer telephone numbers) with Business Partners for the purposes of offering products, services, or benefits to DLC Customers related to their energy usage, which the Customer may be interested in, or for which the Customer may be eligible. [1] Nothing in this Privacy Policy, however, shall limit the rights of any Customer under the PA PUC or other applicable regulations to restrict the release of their Customer Information. Accordingly, customers who do not wish to have their Customer Information shared with a DLC Business Partner can opt-out of such information sharing by contacting a DLC Customer Service Representative as provided below.
In the event DLC reaches an agreement in principle to sell or otherwise transfer its assets as part of a merger or acquisition, and DLC discloses Customer Information to other parties in the transaction, this Privacy Policy will still apply to such Customer Information unless notice of a changed Privacy Policy is provided by the purchaser and, to the extent that consent is required for a new proposed use, appropriate consent is given.
HOW DLC PROTECTS AND STORES CUSTOMER INFORMATION
DLC has implemented reasonable and appropriate administrative, technical, and physical safeguards, as well as third party management controls and limitations on data shared, designed to protect Customer Information from unauthorized access, use, modification, or disclosure. While no set of controls can provide absolute security, these measures reflect DLC’s commitment to protecting the privacy of Customer Information. DLC will retain Customer Information for as long as is reasonably necessary to meet its business needs and regulatory and compliance obligations.
AGGREGATE AND PUBLIC INFORMATION
DLC may aggregate multiple Customers’ CEUD in various formats so that individual Customer’s CEUD remains anonymous. Similarly, DLC maintains certain non-privileged, publicly available information about its Customers. This information may include general characteristics of Customers’ total load and generation mix as well as general information regarding rates and Customer participation in various programs.
This aggregated information and public information relates to electricity usage of groups of Customers or broad categories of Customers (for example, industrial business or residential Customer categories). The information is collected from a sufficiently large group of Customers so as to make it highly improbable that the third party receiving such information could deduce the identities or electricity usage of individual Customers.
DLC uses this information for various purposes, including analyzing rates and rate structures, evaluating energy usage demand needs, and determining potential changes within a geographic area. This aggregated and public information is not considered Customer Information and is not covered by this Privacy Policy.
INFORMATION ABOUT THE DLC WEBSITE AND MOBILE APPLICATIONS
DLC may automatically collect certain information from visitors to the DLC website (www.duquesnelight.com) and users of the DLC mobile application including browser information, domain names, the date and time a visitor accesses the website or mobile application, information viewed while visiting the website or mobile application, carrier providers, a unique identifier (a string of alphanumeric characters (similar to a serial number) used to uniquely identify and distinguish each mobile phone or other wireless communication device), geo-location information (if allowed by the user), the types of mobile devices accessing the mobile applications, and the types of operating systems accessing the mobile applications. This information is used for statistical purposes, to measure the use of the website or mobile application, to improve its content and DLC’s customer service, and to diagnose and correct technical problems. Some DLC website pages may use “cookies.” A cookie is a piece of data stored on a visitor’s computer that helps DLC improve access to the site, make it more user friendly, and customize certain information. If desired, visitors should follow their browser’s instructions to delete or block cookies.
DLC also may administer online surveys from the DLC website or mobile application to gather information about its Customers and their use of energy or related products and services, or to obtain Customer views on other matters to help DLC provide better service to its Customers. Participation in these surveys is voluntary.
The DLC website and mobile application may contain links to other websites or mobile applications that may be of interest or benefit to its Customers and others. DLC is not responsible for the content or privacy practices of these other websites or mobile applications. DLC may transfer Customer Information to websites or mobile applications operated by Service Providers or Business Partners.
Accessing DLC mobile application using biometric authentication tools
Customers may choose to access their DLC mobile application account using Face ID or Touch ID (Apple), Trusted Face or Fingerprint (Android), or other biometric authentication tools available to them through their mobile device. Currently, the DLC mobile application is available for download in the Apple App Store and Google Play store and is designed to work with Apple’s Face ID and Touch ID, as well Android’s Trusted Face and Fingerprint biometric authentication tools (“Biometric Authentication Tools”). Customers can access their DLC account through the DLC mobile application using the Biometric Identification Tools if (i) their mobile device supports the Biometric Authentication Tools, and (ii) they enable the Biometric Authentication Tools functionality on their mobile device and confirm that they want to use the Biometric Authentication Tools to sign into their DLC account through the DLC mobile application.
Face ID and Touch ID are authentication tools provided by Apple and are governed by Apple’s policies related to their use. Apple’s policies and information concerning Face ID can be accessed here, and Apple’s policies and information concerning Touch ID can be accessed here. Similarly, Trusted Face and Fingerprint are authentication tools offered on many Android mobile devices and are governed by Android’s security best practices and policies, accessible here.
DLC has no control over the Biometric Authentication Tools and does not have access to any Customer biometric data that may be retained by such tools. DLC is not responsible for any issues arising from a Customer’s decision to use the Biometric Authentication Tools to access his or her DLC account, and DLC shall not be liable for any unauthorized access to or unauthorized use of a Customer’s biometric data or other Customer Information that is caused by a Customer’s use of the Biometric Authentication Tools.
CHILDREN’S INFORMATION
DLC’s website, www.duquesnelight.com, and DLC’s mobile application service are not directed to children, and do not sell products or services for purchase by minors. DLC may collect and maintain information pertaining to minor children when required for customer assistance programs or other customer service purposes, however, DLC does not knowingly collect personal information directly from children under the age of 13.