Purpose and Scope

This privacy policy governs the customer portal “MyCPAU,” (also referred to in this policy as the “Site”) for City of Palo Alto Utilities customers (“Customers”). BY USING THE SITE OR REGISTERING FOR A SITE ACCOUNT, CUSTOMER AGREES TO THIS POLICY, WITHOUT CHANGE, ON CUSTOMER’S OWN BEHALF.

The purpose of this policy is to inform Customers how their personally identifiable information (as defined below) is being used by the Site when they use or enroll in the MyCPAU customer portal. “Personally identifiable information” means information that can be used on its own or with other information to identify, contact, or locate an individual Customer. Personally identifiable information does not include aggregate data that cannot be linked to a specific Customer.

Please direct any questions or concerns regarding this MyCPAU privacy policy to Utilities Customer Service, either by phone at 650-329-2161, by email at utilitiescustomerservice@cityofpaloalto.org, or by visiting the Utilities Customer Services counter located at City Hall, 250 Hamilton Avenue, Palo Alto, CA 94301.

Information Collected on the Site

The City of Palo Alto and its authorized service providers (“City”) only collect personally identifiable information that is required to provide service, or to comply with legal and regulatory requirements. Customer personally identifiable information that may be collected includes:

Account Data – The City may process the Customer’s account data, including the Customer’s name, email address, property address, and account number, as follows. Account data may be processed for the purposes of operating the Site, providing the services, ensuring the security of the Site and services, maintaining back-ups of databases, and communicating with the Customer.

Service Data – The City may process the Customer’s personal data that is provided in the course of the use of the services. Service data may be processed for the purposes of operating the Site, providing the services, ensuring the security of the Site and services, maintaining backups of databases and communicating with the Customer.

Transaction Data – The City may process information relating to transactions processed through the Site, including payment of utilities bills. Transaction data may include the Customer’s contact details, credit card/payment card details, and the transaction details.

Correspondence Data – The City may process information contained in or relating to any communication that the Customer sends through the Site to the City, or any communications the City sends to Customer through the Site. Correspondence data may include the communication content and metadata associated with the communication. Correspondence data may be processed for the purposes of communicating with the Customer and record-keeping.

Website Usage Data – The City may process data about the Customer’s use of the Site and services. Usage data may include the IP address, geographical location, browser type and version, operating system type and version, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of service use. The City may process this usage data for the purposes of analyzing the use of the Site and services.

Information Security and Information Sharing

The information of Customers doing business with or receiving services from the City through the Site is only available to the City's employees and third party contractors that are directly involved in providing those services. Customer data is never sold by the City or its contractors.

Except as otherwise provided by applicable law or within this policy, the City will treat Customer personally identifiable information as confidential and will not disclose it, or permit it to be disclosed, to third parties (other than City contractors directly involved in providing the services) without the express written consent of the Customer affected.

The City complies with the California Public Records Act and other local, state, and federal laws and regulations governing requests to access public records owned or held by the City. Personally identifiable information is generally excluded from such disclosures.

If the City becomes aware of a Site security breach resulting in a reasonable belief that a Customer’s personally identifiable information has been improperly disclosed, the City will notify the affected Customer by email of such breach and proceed in accordance with applicable laws.

Customer Access to Personally Identifiable Information

Customers may access their own account data at any time by logging in to the Site. Customers can use their MyCPAU account to update Customer’s contact information, including email address, phone number, and mailing address. Customers may also update their payment information for online bill payment transactions.

Use of Cookies

The City uses cookies for the following purposes:

• To identify and authenticate the Customer when the Customer visits, logs into, and/or navigates the Site;
• To store information about the Customer’s preferences and to personalize the Site for the Customer;
• To protect the Customer’s account, including preventing fraudulent use of login credentials and to protect the City’s Site and services;
• To analyze the use and performance of the City’s Site and services;
• To store the Customer’s preferences in relation to the use of cookies.

Changes to this Policy

Customers will be notified of any changes to this policy by email providing a link to this page. Continued use of the Site will constitute Customer’s agreement to the posted policy.

Date last modified: November 27, 2019