Unitil Service Corp. and its parent and affiliate companies (collectively, “Unitil”) are committed to protecting the privacy of all our customers and users of our websites.
Although Unitil’s websites, including Unitil.com and MyUnitil (the “Sites”), collect some personal information in connection with the provision of services via the Internet, Unitil does not sell or disclose any personal information about you or your Internet usage without your direct and prior approval, unless required by law, by request in a regulatory proceeding, or by search warrant, subpoena or court order. Other than as set forth herein, we will not use your information for any purpose other than to provide you with information, products and services.
Collecting and Utilizing Information
In certain areas of the Sites, personal information is requested, such as name, address, customer account number, and email address. This information is requested only for the purpose of providing you with the service you have requested or to answer the question(s) you have asked. It will not be used to solicit you or for any other purposes. All services available through the Sites will be fully identified and explained to you in the same section of the Sites where you are asked to provide your information.
When paying bills electronically, we will collect personally identifiable information for authentication purposes in order to process your payments. Electronic bill payment on the Sites requires that you provide information regarding your bank account and/or credit card .
Unitil and the European Union’s General Data Protection Regulation (“GDPR” or “Regulation”)
The GDPR, which became enforceable on May 25, 2018, lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or processor in the E.U. It also applies to the processing of personal data of data subjects who are in the E.U. by a controller or processor not established in the E.U., where the processing activities are related to (i) the offering of goods and services to such data subjects in the E.U. or (ii) the monitoring of their behavior as far as their behavior takes place within the E.U.
By its terms, the GDPR thus does not apply to Unitil. Unitil operates solely in the U.S. and has no offices or employees in the E.U. Unitil confines its activities to the U.S. market and does not market or sell services outside the U.S. In addition, all of Unitil’s customers are located in the U.S., and the processing activities for these customers are related to activities that take place in the U.S. and do not involve the processing of personal data of data subjects who are in the E.U.
Even if some of Unitil’s customers are citizens of the E.U., the GDPR would not apply because (i) Unitil is not offering services to those customers in the E.U. and (ii) the personal data of those customers is being processed in the U.S. based on activities that take place within the U.S.
The customer data we collect is protected against unauthorized access by rigorous security measures that are compliant with applicable state and federal laws and regulatory requirements. As we consider information security paramount at Unitil, we regularly review our security measures and update them as necessary to safeguard your personal information.
Sharing Customer Information
Unitil does not release any personal information about you or your usage without your direct and prior approval, unless required by law, by request in a regulatory proceeding, or by search warrant, subpoena or court order. We will not use your information for any purpose other than to provide you with our services.
Unitil may sometimes provide aggregate information about our customers for statistical use or in accordance with regulatory reporting requirements. These statistics do not include any information that personally identifies our customers.
Unitil does not sell, trade or rent your personal information to others. In the event that Unitil’s policy on this matter changes in the future, Unitil will provide clear notice of such change on the Sites.
When you visit our websites Unitil web servers use persistent and non-persistent cookies. Both types of cookies do not reveal your identity - they simply enable us to maintain custom settings while you use our site. A persistent cookie permits our website to remember these settings when you visit again in the future, resulting in faster and more convenient access. Currently, we only use a persistent cookie for the “Remember Me” feature in our Report a Power Outage form. If selected, a cookie will be installed on the user’s browser and will store the user’s Unitil account number in order to streamline the user’s experience when reporting future outages. The cookie is set to automatically expire after 30 days.