Privacy Policy (GDPR)

Generic_2

Epicor Software Corporation

UK, European and US Privacy Policy

(updated 13 September 2024)

Epicor Software Corporation ("Epicor" and “we”) provides this combined European and US Privacy Policy ("Privacy Policy") to help you understand how we collect, use and disclose data, including Personal Data (as defined below) relating to individuals within the scope of the EU GDPR, UK GDPR, and US Data Protection Laws. We collect Personal Data about such individuals in a variety of ways through our normal business activities, both online and offline. This includes, for example, when you and your organization place orders or purchase products or services, enter into agreements or communicate with us, visit with us at conferences or trade shows, visit and use versions of www.epicor.com that have been created for visitors from the United States of America and/or European Economic Area (and other geographical regions) and that link to it (together, the “Site”), or communicate with us electronically such as by sending and receiving email. The Personal Data we receive from customers pursuant to agreements and Personal Data relating to employees is not subject to this Privacy Policy.

This Privacy Policy explains Epicor's information practices including:

  • How Epicor uses the Personal Data you share with us and that we learn about you because of our relationship when you use the Site.
  • What Personal Data, if any, Epicor may share about you and the conditions we use to protect your Personal Data if it must be shared that has been collected through the Site.
  • How to exercise your data subject rights, in particular to request access or changes to or deletion of Personal Data that we receive about you through the Site as well as how to exercise other rights in connection with your Personal Data.
  • Other things you should know about privacy and Epicor.

"Personal Data" (which term also includes Personal Information, as defined under US Data Protection Laws) means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"US Data Protection Laws" means all laws and regulations applicable in the United States of America (Federal and State), including (i) the California Consumer Privacy Act (the “CCPA”), as amended by the California Privacy Rights Act ("CPRA"), as well as any regulations and guidance that may be issued thereunder; and, where applicable, (ii) the Virginia Consumer Data Protection Act ("CDPA"); (iii) the Colorado Privacy Act ("CPA");  (iv) the Connecticut Data Privacy Act ("CTDPA"); the Utah Consumer Privacy Act (“UCPA”); the Florida Digital Bill of Rights (“FLDBOR”); the Oregan Consumer Privacy Act (“OCPA”); the Montana Consumer Data Privacy Act  (“MTCDPA”); the Minnesota Consumer Data Privacy Act (“MCDPA”); the Delaware Personal Data Privacy Act (“DPDPA”); the Iowa Consumer Data protection Act (“ICDPA”); the Nebraska Data Privacy Act (“NEDPA”); the New Hampshire Act relative to the expectation of privacy (“NHCDPA”); the New Jersey Act concerning commercial internet websites, online services, consumers and personal identifiable information (“NJDPA”);  the Texas Data Privacy and Security Act (“TDPSA”); the Tennessee Information Protection Act (“TIPA”); and, in each case, as may be amended or superseded from time to time.

We process your Personal Data with your consent to perform or enter into contracts with you, in conformance with our legitimate business interests (maintaining our books and records, maintaining the security and integrity of this Site and our systems, enforcing the terms and conditions and Privacy Policy associated with this Site and our systems, monitoring the use and performance of this Site and our systems, quality assurance of our customer service operations, and product improvement and development) where your interest do not outweigh our interests, and to comply with legal obligations.

This Privacy Policy does not apply to the products and services sold by Epicor.

By using the Site, you consent to the collection and use of your Personal Data by Epicor consistent with US Data Protection Laws and other applicable data protection law including the EU GDPR and UK GDPR and this Privacy Policy which is expressly incorporated into the Terms. Epicor collects and uses the data you provide to us, including information obtained from your use of this Site. We may use or share Personal Data (e.g., name, address, telephone number, email address, and location) where it is necessary for us to complete a transaction or do something that you have asked us to do. Also, we may use the personal data that we collect for our business purposes to develop, enhance, and improve our products and services, and for advertising and marketing consistent with this Privacy Policy. By using the Site, you acknowledge, consent and agree that Epicor may collect, process, and use your personal data that you provide to us and that such information shall only be used by Epicor or third parties acting under Epicor’s direction in accordance with this Privacy Policy.

Special Notice to Global Visitors and Customers. This Site is hosted in the United States. Because Epicor operates globally, we may transfer your Personal Data within our global operations to fulfil our obligations to you, but always subject to the limitations of applicable data protection law and this Privacy Policy. Privacy laws differ across the globe. To help visitors whose native language may not be English understand our privacy practices, we may provide special information on our Privacy Policies that may be applicable to these visitors in different languages. Epicor entities outside the United States may have supplemental privacy policies that may apply in those countries.

If you are visiting from countries with laws governing data collection and use that may differ from U.S. law, including those whose privacy laws may be stricter than U.S. law, please note that you are transferring your Personal Data to the United States to Epicor. By providing your Personal Data, you consent to that transfer and processing.

US State Privacy Rights. If you reside in any of the US States listed under US Data Protection Laws, please review the  privacy notice and policy applicable to residents of the that US State, which Notice is available at https://www.epicor.com/en-uk/company/compliance/us-state-privacy-notices/  to learn more about additional rights you may have regarding our handling of your Personal Data.

Collected Data and Usage

Epicor further collects and uses Personal Data from you in several ways and for the purposes listed below. We only use your Personal Data as described below:

  • Directly from You through Site Forms or Site chat sessions.We receive the Personal Data you submit to us (e.g., name, address, telephone number, email address, and location) so we can complete a requested transaction and respond to your requests (including chat sessions). The processing of your Personal Data for these purposes is based on consent when initiating and engaging with the chat platform and/or necessity for the performance of a contract with you. We retain the information as described below in this Privacy Policy.
  • Improve our Products and Services.When you provide us with feedback and other information through the Site about our products and services, we use it for developing, enhancing, and improving our products and services.
  • Usage Behaviour. Epicor (or Epicor vendors and suppliers) may observe your activities, preferences, and transactional data (such as your IP address and browser type) as well as related usage behavior depending on whether you are using our Site or a particular Epicor Product. We may use this data for any purpose unless we tell you otherwise in connection with a particular Site or product. While we may collect or log this information, we do not identify you or match this non-Personal Data with your other Personal Data unless or except if we believe doing so will help us better respond to a request you have made or otherwise personalize your experience in using the Site. Where such non-Personal Data is linked to your Personal Data we will treat such information as Personal Data.

The processing of your Personal Data for these purposes is based on your consent and/or our legitimate interests. We retain the information as described below in this Privacy Policy.

Information about Cookies, Communications and Electronic Marketing Messages.

  • Strictly necessary cookies are necessary to provide the Website to you. In compliance with the UK and EU GDPR, we use strictly necessary cookies, which may be deployed without obtaining your prior consent.
  • Cookies set by Third Party Service Providers. Epicor and engaged third party service providers uses “cookies,” web beacons, server logs and related technology to collect information about how visitors interact with the Site and messages we send to individuals (e.g., which pages visitors view or emails individuals open, which URL of the website used before visiting the Site), Site usage preferences (e.g., language), and the technical characteristics of their Internet browsers and connection (e.g., IP Address, browser type, device identifiers, operating system version). We use this information to improve how the Site functions, improve the content we send to you, and provide you with personalized content and advertising on the Site, on other websites and online services and in electronic messages, as further described in the Epicor Cookie Policy. For example, we use your IP Address to identify the country from which you are accessing the Site so we can provide you with the version of the Site that is intended for that country. We also use cookies to store information necessary for visitors logging into certain portions of the Site and to remember visitors and their preferences. The third-party service providers listed in the table below use “cookies,” web beacons, server logs and related technology to collect information about you and process that data for the purposes listed in the table:

 

Third Party Service Provider Purposes of data collection
and
processing
Legal Base of Processing How to Opt-Out via the
Third-Party
Service Provider website
How to decline the
Third-Party Cookies
Google Analytics • to collect and process certain website usage data.
• provide you with personalized content and advertising on the Site.
• See Google Privacy Policy: https://policies.google.com/privacy
Consent To learn more about Google Analytics and how to opt out, please visit www.google.com/policies/privacy/partners/ Opt-out through making changes to your Cookie Settings (accessed by the link titled “Cookies
Settings’ at bottom of web page).
YouTube (Part of Google)Grow (part of Epicor)
makes use of YouTube’s API Services and is a YouTube API Client
• to collect and process certain website usage data.
• provide you with personalized content and advertising on the Site.
• See Google Privacy Policy: https://policies.google.com/privacy
ConsentBy using the Site (which, in
turn, makes
use of YouTube’s API Services, you have agreed to be bound
by YouTube’s Terms of Service: https://www.youtube.com/t/terms
To delete stored data or revoke YouTube’s API Client’s access to your data, go to Google Security
Settings Page at: https://myaccount.google.com/security and/or sign in to your Google Account
Opt-out through making changes to your Cookie Settings (accessed by the link titled “Cookies
Settings’ at bottom of web page).
Drift.com (communication channel) • To interact with Epicor’s website via automated chat sessions for the purposes of (i) customer
service; (ii) providing answers to various queries and questions; (iii) directing the website user
to the appropriate webpage, Epicor personnel and/or white paper.
ConsentBy engaging with the chat bot,
you consent to (i) all chat sessions (and the contents thereof) being processed and/or stored by
Epicor; and (ii) the chat transcript being recorded and stored by Epicor within Epicor’s Drift
Account
• Drift does not monitor or view the contents of chats with Epicor website visitors.
• Drift (nor Epicor) does not sell any website user data (or the content of any chats) to third
parties.
• Neither the Drift chatbot (nor Epicor) shares cookie information with third parties (like Meta,
Google, etc.) and Drift does not share or sell chat data with third parties.
• Communications in the Drift widget is strictly between Epicor (and/or, where authorised by Epicor,
its appointed contractors and/or sub-processors) and Epicor’s website visitor(s).
• Drift is strictly the medium for the communication. Drift itself does not communicate with
Epicor’s website visitors and does not eavesdrop on chats.
• Drift has access to chats for customer and technical support purposes only, in the same way
Microsoft would with emails in Outlook or Google would with emails in Gmail.
• More information about Drift’s position with respect to Epicor’s website user data is found at: https://www.drift.com/gdpr/
• Epicor’s privacy policy applies to Epicor’s collection and use of web user data in Epicor’s Drift
account.
Opt-out through making changes to your Cookie Settings (accessed by the link titled “Cookies
Settings’ at bottom of web page).
LiveChat/Text (communication channel) • To interact with Epicor’s website via automated chat sessions for the purposes of (i) customer
service; (ii) providing answers to various queries and questions; (iii) directing the website user
to the appropriate webpage, Epicor personnel and/or white paper.
ConsentBy engaging with the chat bot,
you consent to (i) all chat sessions (and the contents thereof) being processed and/or stored by
Epicor; and (ii) the chat transcript being recorded and stored by Epicor within Epicor’s
LiveChat Account
• More information about LiveChat’s position with respect to Epicor’s website user data is found at:
https://www.livechat.com/legal/privacy-policy/#4-how-we-share-information-we-process
• Epicor’s privacy policy applies to Epicor’s collection and use of web user data in Epicor’s
LiveCat account.
• LiveChat commitment to privacy, at: https://www.livechat.com/legal/privacy-policy/#4-how-we-share-information-we-process
• LiveChat uses your information, including personal details, to:
(a) Provide and improve our Services, Website, Chat Widget and apps to keep them running smoothly
and securely. This includes using your data for Services' operation, innovation, security, legal
reasons, and marketing. LiveChat may also anonymize or aggregate your data for research.
(b) Profiling and Advertising: LiveChat uses your data to show you relevant information, ads and to
keep you in the loop with our latest offers! You can opt out of this by contacting us.
• You can be sure data processing complies with relevant data privacy laws. If you're handling
personal data using LiveChat Services, make sure you're also playing by the rules – getting all the
necessary legal basis such as consent, and keeping the data in check, since you share with LiveChat
data of the people operating your Account and End-Users.
• Your data, your rules! Want to change or remove your personal info? Just let LiveChat know, and
LiveChat help you manage it.
• Saying goodbye? Upon request, LiveChat will delete your personal data, unless it's needed for the
purposes LiveChat told you about or LiveChat run into technical snags.
• You should know our promise: LiveChat take your privacy seriously.
• LiveChat may share your data with LiveChat affiliated companies or during mergers, following
LiveChat Privacy Policy. You'll be notified of such significant changes.
• LiveChat shares necessary data with trusted service providers, ensuring confidentiality and
security. They're also committed to keeping your info safe.
• In certain situations, when integrating with Third Party Services, you control the data you share.
LiveChat may also share your data with external sites that you visit. LiveChat do not have control
over Third Party Services or external sites; please review their terms and privacy policies.
• LiveChat may also disclose data to comply with legal requests, protect rights and safety, or
investigate fraud without prior notification in certain cases.
Opt-out through making changes to your Cookie Settings (accessed by the link titled “Cookies
Settings’ at bottom of web page).

You can learn how to decline or opt-out of cookies by reading the Epicor Cookie Policy.

The processing of your Personal Data for this purpose is based on your consent or necessity to provide the Site to you. We retain the information as described below in this Privacy Policy.

Commerce and Product Support. You may be asked to share Personal Data such as your name, address, telephone number, and email address when you make purchases, seek customer or technical support or otherwise interact with Epicor through the Site. When you buy directly from Epicor, Epicor and its vendors and suppliers who facilitate the purchase and delivery of products and services use this Personal Data to complete the transaction. Epicor shares Personal Data with its vendors and suppliers to complete transactions. Epicor has agreements in place with its vendors and suppliers to limit their use of the Personal Data to completing the transaction and performing services for Epicor. You may also interact directly with and provide Personal Data directly to Epicor’s vendors and suppliers when you purchase Epicor products and services or seek customer or technical support. In these circumstances, the vendors and suppliers collect and use your Personal Data subject to their privacy policies and will share Personal Data with us to complete the transaction.

The processing of your Personal Data for these purposes is based on the necessity for the performance of a contract with you. We retain the information as described below in this Privacy Policy.

Product Registration. Epicor allows customers to register products online or through similar ways. We request Personal Data, such as your name, address, email, and telephone number. Epicor receives this Personal Data and other product-related information in such submissions, and Epicor will use it to complete the registration.

The processing of your Personal Data for these purposes is based on the necessity for the performance of a contract with you. We retain the information as described below in this Privacy Policy.

Marketing and Other Informational Updates. With your consent and as otherwise permitted by law, we also use Personal Data (including address, telephone number, and e-mail address) and other information we receive from and about you from public sources (e.g., LinkedIn) to contact you with information from Epicor and its Affiliates /partners about their products and services, provide special offers and promotions that may be of interest to you, and notify you periodically about important changes to the Site (such as a material change to this Privacy Policy or notice of a security breach). You may withdraw your consent at any time by unsubscribing from such marketing communications or object to marketing measures at any time. Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal. In addition, withdrawing consent from marketing communications does not affect our ability to send you other communications, such as those related to providing services to you or responding to your requests.

You may opt out from receiving marketing-related communications by either clicking on the unsubscribe link at the bottom of marketing-related emails we send you or by clicking  here. We will process opt-out requests without undue delay.

The processing of your Personal Data for this purpose is based on your consent or on our legitimate interests. We retain the information as described below in this Privacy Policy.

Online and Offline Promotions, Contests and Sweepstakes. You may be asked to provide an email address or screen name, or other Personal Data, for entry into a particular promotion, including sweepstakes and contests so that we can let you know if you won a prize. The specific rules and regulations governing the particular promotion, contest or sweepstakes will vary and your participation constitutes your agreement to abide by those rules and regulations. Certain promotions, contests or sweepstakes may be run by an Epicor service provider or vendor or co-branded with one of our partners. In these instances, the collection of your Personal Data may occur directly by the service provider or vendor or a third-party partner on their website. The promotion will state the privacy policy or policies governing the collection of such information if they should differ from this Privacy Policy.

The processing of your Personal Data for this purpose is based on your consent or on our legitimate interests. We retain the information as described below in this Privacy Policy.

Children. The Site and Epicor’s products are not directed at children, and we do not knowingly collect personal data from children. If you are under 18 or otherwise would be required to have parent or guardian consent to share information with Epicor, you should (i) not send any information about yourself to us including your name, address, telephone number, email address, or any screen name or user name you may use; (ii) not use or provide any information on this Site or through any of its features, (iii) not register on the Site, (iv) not make any purchases through the Site, and (v) not use any of the interactive or public comment features of the Site. As required by law, if a person under 13 submits information through any part of an Epicor Site or an Epicor Product, and we learn the person submitting the information is such a child, we will attempt to delete this information as soon as possible.

Pseudonymization and Anonymisation

In some circumstances, we may pseudonymize and/or anonymise your Personal Data for business purposes including to improve our products and services, in which case we may use such information without further notice to you. The processing of your Personal Data for this purpose is based on our legitimate interests. We retain the information as described below in this Privacy Policy.

When Epicor Shares Collected Data

As previously stated in this Privacy Policy, Epicor may share Personal Data within Epicor (including our worldwide affiliates and other members of the Epicor Group) to fulfil its obligations to you and operate its business consistent with this Privacy Policy and applicable data protection law. In addition to what is already stated in this Privacy Policy, we will also share your Personal Data with third parties in the following situations and for the following purposes:

  • Epicor Subsidiaries, Affiliates, Vendors, and Suppliers. Epicor works with many affiliated third parties, vendors, distributors, and suppliers. We will provide Personal Data to them to the extent it is necessary for them to provide their products and services to us and to you. Epicor may also sometimes permit our authorized service providers to have access to aggregate statistics about our customers, sales, traffic patterns, and related Site or Application information. These transfers of aggregate statistics do not involve Personal Data.
  • Recruitment and Job Applications. We receive Personal Data through the Site and from service providers supporting on the online job website when you apply for employment through the Site. The Personal Data includes the information contained on a resume or curriculum vitae and the information you otherwise provide to us. With your prior consent, we keep your information on file for future employment consideration, even if you are not selected for the particular job you applied for. As discussed below, we have operations around the world and we may consider you for employment in locations around the world. For this reason, our recruiting and employment departments around the world will have access to the Personal Data you submit with your job application. You consent to this transfer of Personal Data outside of the EEA when you submit your Personal Data for employment consideration.
  • Enabling Services on the Site. Epicor offers a variety of services and functions through its Site ("Epicor Services"). Personal Data that is collected through the Site will be used and/or disclosed to third parties in order to enable us to provide Epicor Services. For example, the Epicor Site allows you to interface with a third-party website. To facilitate that connection, we may use your Personal Data and/or disclose your Personal Data to the third party operating the website.
  • Public Areas. Any information disclosed in public areas of the Site (such as by using Facebook, YouTube or Twitter functionality, etc.) will become public information. We do not control the use by others of information disclosed in public forums on the Site, such as forums, bulletin boards, blogs, chat rooms, and networking functions of mobile-device applications. You should exercise caution when disclosing information in these public areas, and be careful how you disclose your Personal Data.
  • Mergers and Acquisitions. If Epicor should ever merge with another company, or if Epicor should decide to buy, sell, or reorganize some part or all of its business, Epicor may be required to transfer your Personal Data and in such events your Personal Data may be used or transferred in accordance with this Privacy Policy and as permitted by law.
  • As Required by Law and Other Extraordinary Disclosures. Epicor may be required to disclose your Personal Data if it: (i) believes in its sole judgment that such disclosure is reasonably necessary to comply with legal process (such as a court order, subpoena, search warrant, etc.) or other legal requirements of any governmental authority, (ii) would potentially mitigate our liability in an actual or potential lawsuit, (iii) is otherwise necessary to protect our rights or property, or (iv) is necessary to protect the legal rights or property of others.

Security

Epicor maintains appropriate organizational and technical measures for the protection of the security, confidentiality, and integrity of Personal Data from unauthorised or unlawful access, accidental loss, destruction, damage, misuse, disclosure and alteration. Unfortunately, no data transmission over the Internet can be guaranteed to be secure, therefore, we cannot ensure the security of any information you send to us and you do so at your own risk. If Epicor learns of a security system's breach, we will comply with all applicable law to notify you about the breach so that you can take appropriate protective steps. Epicor may post a notice on the Site if a security breach occurs. If this happens, you will need a web browser or mobile device enabling you to view the Site. Epicor may also send an email to you at the email address you have provided to us in these circumstances or communicate with you by other means if we can. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Accuracy of Personal Data and your Individual and/or Consumer Rights

While we take various steps to ensure the accuracy and completeness of your Personal Data, we rely upon you to provide accurate and complete Personal Data when interacting with us. All persons in the scope of the EU GDPR, the UK GDPR and US Data Protection Laws whose Personal Data is being processed by Epicor have the legal right to request one or more of the following: (i) access, (ii) rectification/correction (iii) erasure, (iv) restriction of processing, (v) object to processing, and/or (vi) data portability of their Personal Data. Any such requests should be submitted using the EU Individual Rights Request Form or the US Consumer Rights Request Form.

If you reside in the EEA or United Kingdom, you also have the right to lodge a complaint with an EU or UK supervisory authority. However, if you have a complaint regarding the processing of your Personal Data, we kindly request that you first contact us directly as indicated in the Contacting Epicor section of this Privacy Policy, and we will reply promptly.

How long we keep your Personal Data

We consider several factors to determine how long we keep Personal Data. We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. Once we no longer have a need for your Personal Data, we will securely destroy it in accordance with our standards and applicable laws and regulations.

Links to Third-Party Sites and Co-Branded Sites

The Site may contain links to third-party websites, however, please be aware that Epicor is not responsible for and does not control the privacy practices of these other websites. We encourage you to read the privacy policies for these other websites, as they may differ from ours. The Site also contains links to co-branded websites that may display Epicor's logo and trademarks but which are maintained by third parties. Such websites may be identified by the fact that they do not display an "Epicor.com" URL. Please read the privacy policy on the co-branded website for the applicable privacy practices relating to Personal Data collected via that website, as it may differ from this Privacy Policy.

Where Personal Data Is Used and Stored

Because Epicor operates globally, we will transfer your Personal Data within our global operations to fulfil our obligations to you, subject to the limitations of applicable data protection law and this Privacy Policy. Privacy laws differ across the globe. To help visitors whose native language may not be English understand our privacy practices, we may provide special information on our Privacy Policies that may be applicable to these visitors in different languages. Epicor entities outside the European Economic Area may also have supplemental privacy policies that may apply in those countries.

You understand that when Personal Data is collected through the Site, we will transfer it within Epicor to the United States and other locations around the world. The United States and other jurisdictions may not provide data protection or privacy laws equivalent to the laws of your country, however, we put appropriate measures in place to protect your Personal Data, such as EU Standard Contractual Clauses.

Enforcement and More Information

When Epicor receives formal written inquiries or complaints, Epicor will contact the individual regarding his/her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the handling of Personal Data that cannot be resolved between Epicor and an individual.

Changes to This Privacy Policy by Epicor

We encourage you to periodically review this Privacy Policy. If we change our privacy practices, an updated version of this Privacy Policy will reflect those changes. Without prejudice to your rights under applicable law, we reserve the right to update and amend this Privacy Policy without prior notice to reflect technological advancements, legal and regulatory changes and good business practices to the extent that it does not change the privacy practices as set out in this Privacy Policy. If you do not agree to the changes to this Privacy Policy, you should request deletion of your Personal Data by submitting a request using the EU Individual Rights Request Form or the US Consumer Rights Request Form.

Contacting Epicor

The Data Controller for the Site is the organization listed below. If you have any questions, comments, or concerns about this Privacy Policy, please write to us at:

Epicor Software Corporation
Las Cimas II

807 Las Cimas Parkway, Suite 400
Austin

Texas 78746
USA

Attention: Legal Department

If you reside in the EEA or the UK, you may also contact our Data Privacy Officer by postal mail anytime.

Epicor Software Corporation
Attention: Data Privacy Officer
6 Arlington Square West
Bracknell
Bracknell RG12 1PU
United Kingdom