Effective Date: January 17, 2019
Duquesne Light Company (DLC) values its customers and takes seriously its responsibility to protect its customer data. This Privacy Policy applies directly to DLC and its employees, and also sets forth DLC’s expectations with respect to its business partners, agents, contractors, and affiliates.
DLC has developed this Privacy Policy to help its customers understand how it accesses, collects, stores, uses, and discloses Customer Information, including personally identifiable information (PII) and consumer-specific energy usage data (CEUD), collectively referred to as Customer Information.
For these purposes, PII is defined as information which, by itself, identifies a specific person or provides sufficient information to contact a person. CEUD is information about a customer’s energy usage when associated with any information that can reasonably be used to identify the customer. CEUD is collected by DLC’s metering system and through customers’ participation in energy efficiency programs, renewable energy programs, and demand side management.
DLC collects and retains Customer Information that is reasonably necessary for DLC to service its customers, effectively manage its business operations, and meet its regulatory and compliance obligations.
As required by the Pennsylvania Public Utility Commission (PAPUC), DLC provides Customer Information to third party electricity suppliers to enable them to offer DLC customers electricity at competitive rates.
Unless otherwise prohibited by law, DLC may share Customer Information with third parties with whom it has a business relationship, such as affiliate companies, business partners, and contractors, or when that information is reasonably necessary for DLC business operations, such as:
- Answering a customer inquiry, including through an agent, attorney or legislative representative
- Providing or supporting a requested product or service
- Fulfilling the operational needs of the electrical system or grid
- Providing services as required by state or federal law or as authorized, ordered, or directed by the PAPUC or by other regulatory entities
- Providing or billing for electrical service, including the collection of payment
- Investigating, resolving and managing legal claims
- Responding to PAPUC questions or concerns Planning, operating, and evaluating special programs, such as energy conservation, demand response, energy efficiency, or customer assistance
Nothing in this Privacy Policy shall limit the rights of any customer under the PAPUC, or other applicable regulations to restrict the release of Customer Information. DLC does not sell or rent Customer Information to third parties that do not have a business relationship with DLC. However, if DLC reaches an agreement in principle to sell its assets as part of a merger or acquisition, DLC may provide Customer Information to the other parties in the transaction, including prior to the closing of the transaction. Such Customer Information also may form part of the business assets that are subject to the sale or merger. In that circumstance, this Privacy Policy would still apply to Customer Information unless notice of a changed Privacy Policy is provided by the purchaser and, to the extent that consent is required for a new proposed use, appropriate consent is given. Customer Information may also be transferred as part of corporate reorganization.
DLC may collect and maintain information pertaining to children under the age of 13 when required for customer assistance programs or other business purposes; however, such information is not knowingly collected from minors directly.
DLC may disclose Customer Information when required by law or to comply with a judicial proceeding, a subpoena, a court order or other legal process. DLC also may disclose Customer Information when reasonably necessary to comply with an order or direction from the PAPUC. DLC will disclose customer information with an authorization or request from the customer.
DLC has implemented administrative, technical, and physical safeguards, as well as third party management controls and limitations on data shared, designed to protect Customer Information from unauthorized access, use, modification, or disclosure. While no set of controls can provide absolute security, these measures reflect the value that DLC places on Customer Information. DLC will retain Customer Information for as long as is reasonably necessary to meet its business needs and regulatory and compliance obligations.
AGGREGATE AND PUBLIC INFORMATION
DLC may aggregate multiple customers’ CEUD in various formats so that individual customer’s CEUD remains anonymous. Similarly, DLC maintains certain non-privileged, publicly available information about its customer base. This information may include general characteristics of the DLC customers’ total load and generation mix as well as general information regarding rates and customer participation in various programs.
This aggregated information and public information relates to electricity usage of groups of customers or broad categories of customers (e.g. industrial business, residential, etc.). The information is collected from a sufficiently large group of customers so as to make it highly improbable that the third party receiving such information could deduce the identities and/or electricity usage of individual customers.
DLC uses this information for various purposes, including analyzing rates and rate structures, evaluating energy usage demand needs, and determining potential changes within a geographic area. This aggregated and public information is not considered Customer Information and is not covered by this Privacy Policy.
INFORMATION ABOUT THE DLC WEBSITE AND MOBILE APPLICATION
DLC automatically collects certain information from visitors to the DLC website and users of the DLC mobile application, including browser information, domain names, the date and time a visitor accesses the website or mobile application, information viewed while visiting the website or mobile application, carrier providers, a unique device identifier (a string of alphanumeric characters (similar to a serial number) used to uniquely identify and distinguish each mobile phone or other wireless communications device.), geo-location information (if allowed by the user), the types of mobile devices accessing the mobile application, and the types of operating systems accessing the mobile applications. This information is used for statistical purposes, to measure the use of the website or mobile application, to improve its content and DLC’s customer service, and to diagnose and correct technical problems. Some DLC website pages may use “cookies.” A cookie is a piece of data stored on a visitor’s computer that helps DLC improve access to the site and make it more user friendly and customize information. If desired, visitors should follow their browser’s instructions to delete and/or block cookies.
DLC also may administer surveys from the DLC website or mobile application to gather information about its customers and their use of energy or related products and services, or to obtain customer views on other matters to help DLC provide better customer service. Participation in these surveys is voluntary.
The DLC website and mobile application may contain links to other websites or mobile applications that may be of interest or benefit to its customers and others. DLC is not responsible for the content or privacy practices of these other websites or mobile applications.
Accessing DLC mobile application using biometric authentication tools.
Customers may choose to access their DLC mobile application account using Face ID or Touch ID (Apple), Trusted Face or Fingerprint (Android), or other biometric authentication tools available to them through their mobile device. Currently, the DLC mobile application is available for download in the Apple App Store and Google Play store and is designed to work with Apple’s Face ID and Touch ID, as well Android’s Trusted Face and Fingerprint biometric authentication tools (“Biometric Authentication Tools”). Customers can access their DLC account through the DLC mobile application using the Biometric Identification Tools if (i) their mobile device supports the Biometric Authentication Tools, and (ii) they enable the Biometric Authentication Tools functionality on their mobile device and confirm that they want to use the Biometric Authentication Tools to sign into their DLC account through the DLC mobile application.
Face ID and Touch ID are authentication tools provided by Apple and are governed by Apple’s policies related to their use. Apple’s policies and information concerning Face ID can be accessed here, and Apple’s policies and information concerning Touch ID can be accessed here. Similarly, Trusted Face and Fingerprint are authentication tools offered on many Android mobile devices and are governed by Android’s security best practices and policies, accessible here.
DLC has no control over the Biometric Authentication Tools and does not have access to any customer biometric data that may be retained by such tools. DLC is not responsible for any issues arising from a customer’s decision to use the Biometric Authentication Tools to access his or her DLC account, and DLC shall not be liable for any unauthorized access to or unauthorized use of a customer’s biometric data or other Customer Information that is caused by a customer’s use of the Biometric Authentication Tools.
CHANGES AND INFORMATION
DLC regularly reviews its policies and will notify customers of any changes to this Privacy Policy through updates on the DLC website or mobile application.
For questions, concerns or more information about DLC’s Privacy Policy or Customer Information, please contact a DLC Customer Service Representative: