Personal Information Obtained from Third Parties.
We may also obtain information about you from third parties, such as identity verification services and credit bureaus. In some markets, if you apply for our Services, we will obtain consumer reports from consumer reporting agencies related to you at the time of the collection in connection with the use of any Services we may offer you or that you may obtain from us. Additionally, Constellation may purchase your personal information from a third party to supplement the personal information you have provided to us, such as information about your interests, demographics, and marketing inferences. We may also obtain business contact information from the business entity you represent.
B. How Constellation Uses Your Personal Information
We may use your personal information for any the following purposes:
- Provide our Services: To establish and provide service, maintain your account, manage your payments and transaction history, security and identity verification, build and manage business opportunities, and fulfill contract requirements.
- Improve our Services and grow Constellation: To understand our customer base, conduct market research and statistical analysis, develop new products, and improve the Services.
- Respond to your inquiries: To provide support and respond to your questions, inquiries, and other requests.
- Send communications and marketing: To provide account updates or other communications regarding your account or to inform you of any changes to our Services. We may also use your personal information to send you information, recommendations, and promotions we feel may be of interest to you.
- Offer, maintain, and improve online Services: To monitor the performance of the Services, improve the Services, ensure the security of the Services, and personalize your experience.
- Comply with legal and regulatory obligations: To comply with our legal and regulatory requirements or in connection with inquiries from regulators, law enforcement agencies, or parties involved in litigation.
We may also use your personal information to establish, protect, or exercise our legal rights; as required to enforce contracts; to defend against legal claims or demands; detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.
C. How Constellation Shares Information
We may share personal information as follows:
- With vendors that perform business functions on our behalf, such as processing transactions, marketing, professional services, measurement and analytics services, energy efficiency services, maintenance and hosting of our Services, and IT.
- With recipients for business purposes as necessary to offer and improve our Services, such as credit bureaus and utility companies.
- With affiliates and other entities in our corporate family so these entities can share information on products and services that may be of interest to you.
- With advertising and measurement vendors who assist us in serving advertisements regarding the Services. These third parties use tracking technologies on the Services to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and targeted ads. Third parties may allow other companies to access information about you so that they may market other products you may be interested in.
- When required by law and when we are legally required to do so, such as in response to or in compliance with court or regulatory agency orders (including law enforcement if applicable), legal proceedings, or legal processes; to exercise our legal rights; to defend against legal claims or demands; or to comply with the requirements of any applicable law.
- To prevent harm or if we believe it is necessary in order to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.
- As part of a business transaction with another entity or its affiliates or service providers in connection with a contemplated or actual merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or if we undergo bankruptcy or liquidation.
D. Personal Information Choices
- Access or correct your personal information: You can access your contact information and other information about your service history via your Constellation account (if applicable) at any time to correct or view certain information of yours in our possession and associated with your account.
- Notification and marketing preferences: You may change your notification preferences at any time by logging into your Constellation account (if applicable) and adjusting your preferences. If you no longer wish to receive marketing communications from us, you can contact us or log into your account (if applicable) and adjust your preferences. You can also click the unsubscribe link at the bottom of applicable emails.
- Universal Opt-Out Mechanisms: If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, such as the Global Privacy Control ("GPC") signal, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. Please note, however, that our Services are not currently configured to respond to “Do Not Track” signals.
SMS preferences: You can opt out of receiving SMS messages by responding to any of our text messages with any of the following replies: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. Alternatively, you can change your notification preference by contacting us or logging into your account (if applicable) and adjusting your preferences.
E. How We Protect Your Personal Information
The security of your personal information is important to us. We implement and maintain commercially reasonable safeguards to protect and limit access to personal information that we collect and store. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to safeguard your personal information, we cannot guarantee absolute security of the networks, systems, devices, and databases we operate or that are operated on our behalf.
F. Special Information for Connecticut, Maryland, Nebraska, and Texas Residents
Depending on where you reside, enacted consumer privacy laws grant their residents certain rights and require specific disclosures.
This section addresses these state-specific requirements. The Connecticut Data Privacy Act ("CTDPA"), the Maryland Online Data Privacy Act (“MODPA”), the Nebraska Data Privacy Act (“NDPA”), and the Texas Data Privacy and Security Act ("TDPSA") provide Connecticut, Maryland, Nebraska, and Texas residents with the right to receive certain disclosures regarding the personal data we process about them. For purposes of this Section, “personal data” means any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified/aggregate data or publicly available information as the CTDPA, MODPA, NDPA, and TDPSA define those terms.
For information about the categories of personal data we process, the purposes for our processing, the categories of personal data that we share with third parties, and the categories of third parties with whom we share personal data, please see Sections A through C, above, and Section G, below.
If you are a Connecticut, Maryland, Nebraska, or Texas resident, (a Constellation Home or Connect customer in Texas), the CTDPA, MODPA, NDPA, and TDPSA may provide you the following rights with respect to your personal data (if applicable):
- The right to confirm whether or not we are processing your personal data and to access such personal data;
- The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
- The right to obtain a list of the categories of third parties to which we have disclosed your personal data (unless we do not maintain this information in a format specific to you, in which case, we will provide a list of the categories of third parties to which we have disclosed any consumers’ personal data);
- The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
- The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
- The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising, (2) the "sale" of your personal data (as that term is defined by applicable privacy laws), or (3) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you;
- If we obtain your consent to process sensitive personal data, the right to withdraw your consent; and
- The right not to receive discriminatory treatment by us for the exercise of your privacy rights.
We do not sell personal data in the conventional sense. However, like many companies, we use cookies and other tracking technologies to display advertisements about our Services to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under the CTDPA, MODPA, NDPA, or TDPSA. When we engage in those activities, we sell personal data (i.e., information from cookies) to third-party advertisers and analytics companies. We do not use personal data for profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning individuals.
To exercise your rights, please submit a request through our interactive webform available here or by calling us at 844-636-1244 (for TX, CT and MD residents) or 877-274-5710 (for Black Hills Nebraska for Nebraska residents). If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting an opt-out request on behalf of another individual, please use the same contact methods described above. We will process authorized agent requests in accordance with applicable law. If we refuse to take action regarding your request, you may appeal our decision by replying to our denial or emailing us at WebAgent@constellation.com.
G. Special Information for California Residents
The California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 (“CCPA") requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Notice is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.
If you are a California resident and a job applicant, please see our Job Candidate Privacy Notice. If you are a California resident and a current or former employee, or independent contractor of ours, please see our workforce privacy notice for more information on our collection and use of your personal information in that capacity.
Notice at Collection of Personal Information
We collect personal information subject to the CCPA where we interact with representatives or agents of our business customers or other business contacts who are located in California or when residents of California visit our websites or applications.
We currently collect and, in the 12 months prior to the Last Updated Date of this Notice, have collected the following categories of personal information:
- Identifiers (name, online identifier, Internet Protocol address, email address, phone number, business or other contact address)
- Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym or user alias)
- Commercial information (records of products or services purchased, obtained or considered)
- Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
- Geolocation data
- Audio, electronic, or similar information
- Professional or employment-related information
Constellation does not collect the following categories listed in the CCPA for current and prospective business customers: protected classifications, biometric information, education information, inferences, or sensory data.
We collect personal information directly from California residents and from the business entity they represent, advertising networks, internet service providers, data analytics providers, social networks, and data brokers. We do not collect all categories of personal information from each source.
In addition to the purposes stated in Section B above, we currently collect and have collected the above categories of personal information for the following CCPA business or commercial purposes:
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
- Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes
- Debugging to identify and repair errors that impair existing intended functionality
- Short-term, transient use
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, or providing similar services
- roviding advertising and marketing services, except for cross-context behavioral advertising, to you provided that, for the purpose of advertising and marketing, our service providers and/or contractors shall not combine the personal information of opted-out consumers that the service provider or contractor receives from us, or on our behalf with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with you
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us
- Advancing our commercial or economic interests, such as by enabling or effecting, directly or indirectly, a commercial transaction
Sale, Sharing, and Disclosure of Personal Information
The CCPA also requires us to list the categories of third parties to whom we “sell” or “share” personal information. Under the CCPA, a business “sells” personal information when it transfers personal information to a third party for monetary or other valuable consideration.
The following table identifies the categories of personal information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this Notice and, for each category, the categories of third parties to whom we sold or shared personal information:
Category of Personal Information
|
Category of Third Parties
|
Identifiers (online identifier, Internet Protocol address)
|
Advertising networks; Data analytics providers
|
Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology)
|
Advertising networks; Data analytics providers
|
Geolocation data
|
Advertising networks; Data analytics providers
|
Internet or other similar network activity (information regarding your interaction with an internet website, application, or advertisement)
|
Advertising networks; Data analytics providers
|
We sold or shared personal information to third parties for the following business or commercial purposes:
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
- Advancing our commercial or economic interests
We disclosed all of the following categories of personal information identified in the Notice at Collection of Personal Information section above to service providers or contractors (entities that are restricted from using personal information for any purpose that is not related to our engagement) for a business purpose in the 12 months preceding the Last Updated Date of this Notice.
We disclosed personal information for all of the following business or commercial purposes identified in the Notice at Collection of Personal Information section above.
We do not knowingly collect, sell, or share the personal information of consumers under 16 years of age. We do not use sensitive personal information for purposes other than those allowed by the CCPA and its regulations.
Retention of Personal Information
California law requires us to provide information regarding the criteria we use to determine the length of time for which we retain personal information.
We utilize the following criteria to determine the length of time for which we retain information:
- The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;
- Whether we are required to retain the information type in order to comply with legal obligations or contractual commitments, to defend against potential legal claims, or as otherwise necessary to investigate theft or other activities potentially in violation of Constellation’s policies and procedures applicable to you or against the law, to ensure a secure online environment, or to protect health and safety.
Individual pieces of personal information such as those listed above may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. Certain individual pieces of information may also be stored in combination with other individual pieces of information, and the maximum retention period may be determined by the purpose for which that information set is used.
Your CCPA Rights
As a California resident, you have the following rights with respect to your personal information:
- The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected personal information, the business or commercial purpose for collecting, selling or sharing personal information (if applicable), the categories of third parties to whom we disclose personal information (if applicable), and the specific pieces of personal information we collected about you;
- The right to delete personal information that we collected from you, subject to certain exceptions;
- The right to correct inaccurate personal information that we maintain about you;
- If we sell or share personal information, the right to opt out of the sale or sharing;
- If we use or disclose sensitive personal information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
- The right not to be retaliated against for exercising privacy rights the CCPA confers.
How to Submit a Request to Know, Correct, and/or Delete
You may submit a request to exercise your rights to know, correct, and/or delete your personal information through one of two means:
- By completing the form available here
- By calling us at 1-844-636-3749
You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf through these means.
Our Process for Verifying a Request to Know, Correct, and/or Delete
Upon submission of your request, we will contact you (via the email address provided in your request) with instructions on how to verify the request, after which we will check our records for matching information, and aim to complete requests as soon as reasonably practicable and consistent with any applicable laws.
Right to Opt Out of Sale or Sharing of Personal Information
If you are a California resident, you also have the right to direct us to stop selling or sharing your personal information to third parties. You may submit a request to opt out of sales or sharing by visiting Your Privacy Choices. If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt-out. Please see the “Universal Opt-Out Mechanisms” portion of Section D above for more information.
Right to Limit Use and Disclosure of Sensitive Personal Information
The CCPA also grants you the right to request that we limit use of sensitive personal information to certain purposes allowed by law. However, we do not use sensitive personal information in any way for which you would be afforded this right.
H. Children’s Privacy
Our websites, applications, and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal information from children under 13 years of age, nor will we knowingly allow children under 13 years of age to use certain features of our website.
I. Contact Us
For questions or concerns about this Notice, please contact WebAgent@constellation.com and we will use reasonable efforts to address those questions and concerns.
J. Biometric Information Policy
The Illinois Biometric Information Privacy Act (BIPA) regulates the collection, use, and retention of a person's biometric identifiers or information (biometric data). It requires collectors of this information to, among other things, establish a retention schedule and guidelines for permanently destroying biometric data when the initial purpose for collecting or obtaining such biometric data has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first.
Constellation Energy Generation, LLC (Constellation Generation) is the largest operator of commercial nuclear power plants in the United States. As part of its extensive efforts to ensure the security of these facilities and to comply with federal government regulations, Constellation Generation collects biometric data in the form of fingerprints and hand geometry scans from persons who apply for and persons who are granted unescorted access to one or more of its nuclear power plants or to Safeguards Information. The collection of fingerprints for these purposes is required by Section 149 of the Atomic Energy Act of 1954, as amended, and the regulations of the United States Nuclear Regulatory Commission (NRC) at 10 CFR §§ 73.55, 73.56, and 73.57. Upon collection, Constellation Generation transmits these fingerprint files electronically to the NRC to provide to the Federal Bureau of Investigation for the purpose of conducting criminal history records checks. The results of the criminal history records checks are provided to and used by Constellation Generation as part of its determination of the trustworthiness and reliability to hold unescorted access or have access to Safeguards Information.
Fingerprint files collected by Constellation Generation are securely stored and transmitted by Constellation Generation to Government entities using a reasonable standard of care within the nuclear industry. Constellation Generation periodically destroys the fingerprint files it collects once the initial purpose of collection has been satisfied, not to exceed three years. After the fingerprint files are transmitted to the Government entities, Constellation Generation retains a secure copy of the electronic file for a period of time in case the data becomes corrupted in transmission. The electronic files are periodically deleted based on the date the electronic file was created, but within a three-year period.
Constellation Generation collects hand geometry scans of persons granted unescorted access for the purpose of verifying the identity of persons who have already been granted unescorted access prior to each entry into the protected area of its nuclear power plants. For Constellation Generation’s Illinois-based nuclear plants, hand geometry data is stored in a secure system and is evaluated, typically every thirty days. All hand geometry data for persons who no longer require unescorted access to the facility is deleted as part of that evaluation.
Constellation Generation does not sell, lease, trade, disclose, redisclose, disseminate, or profit from a person’s biometric data.
Additional information regarding the NRC's requirement for access authorization and physical protection of nuclear power plants can be found on the NRC's website at www.nrc.gov.
K. UK and EU Supplementary Privacy Notice
This UK/EU Privacy Notice is issued on behalf of Constellation Energy Corporation (“Constellation”) and its subsidiaries and affiliated companies, including but not limited to Constellation Energy Generation, LLC, Constellation Home Products & Services, LLC, Constellation NewEnergy, Inc., Constellation NewEnergy-Gas Division, LLC, and their respective subsidiaries (hereinafter referred to collectively as “Constellation” or “Constellation companies,” “us,” “we,” or “our”). When we mention these terms in this UK/EU Privacy Notice, we are referring to the relevant company out of those listed above that is responsible for processing your personal information.
Constellation Energy Generation, LLC is the controller that is responsible for the website(s).
If you have any questions about this UK/EU Privacy Notice, please contact us using the information set out in the Contact Us section below.
Use of Personal Information:
Under UK and EU data protection laws, we are required to have a lawful basis for processing personal information. In particular, at least one of the following lawful bases must apply in each case:
- Consent: where you have expressly agreed to us processing your personal information.
- Performance of a contract: where it is necessary for us to process your personal information in order to perform a contract with you or to take steps at your request before entering into a contract with you.
- Legal obligations: where it is necessary for us to process your personal information for compliance with a relevant legal obligation that we are subject to.
- Vital interest: where it is necessary for us to process your personal information to protect your vital interests, or the vital interests of someone else.
- Public task: where it is necessary for us process your personal information to perform a task in the public interest and the task has a clear basis in law.
- Legitimate interests: where it is necessary for our legitimate interests (or those of a third party) to process your personal information, as long as your interests and fundamental rights do not override those interests.
The table below sets out the purposes for which we process your personal information, and the relevant lawful base or bases that apply in each case.