This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS (“Privacy Notice” of “Collection Notice”) is provided by Epicor Software Corporation (“Epicor” and collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”).
This Privacy Notice is a California-specific Notice at Collection and is prepared and published in accordance with the California Consumer Privacy Act (“CCPA”) as amended by California Privacy Rights Act (“CPRA”).
This Privacy Notice is supplemental to Epicor’s European and US Privacy Policy.
Any terms defined in the CCPA (as amended by CPRA), and the proposed regulations have the same meaning when used in this Privacy Notice.
We collect offline and online personal information that you provide us voluntarily or for which you otherwise consent to collection. Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. (“personal information”, “PI”).
We have as a company collected the following general categories of personal information within the last twelve (12) months and may use or disclose such personal information for one or more business or commercial purposes:
Category | Examples of Personal Information | Categories of Sources from which the PI is Collected | Business or Commercial Purpose | Categories of third parties with whom PI is shared | Retention Period |
---|---|---|---|---|---|
Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | • From you • From your devices when you interact with our websites or mobile apps • From Epicor employees when you interact with them and provide PI |
• To fulfill or meet the reason for which the information is provided. • To provide the services you requested. • To evaluate your potential fit for employment opportunities. • Manage payments, collections, fees and charges. • For testing, analytics, research, analysis, and product development, including to develop and improve our website, products, and services. • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses. • To personalize your website experience and to deliver content and product and service offerings relevant to your interests, through our website, third-party sites, and via email or text messages. • To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. |
• Co-Marketing Partners • Advertising Platforms • Social Media Platforms • Analytics Providers • Marketing Companies |
6 years from last contact |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | • From you • From your devices when you interact with our websites or mobile apps • From Epicor employees when you interact with them and provide PI |
• To fulfill or meet the reason you provided the information. • To evaluate your potential fit for employment opportunities • To carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collections • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website users is among the assets transferred. • To provide you with information, products or services that you request from us. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. |
• Payment processors |
6 years from last contact |
Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
• From you • From your devices when you interact with our websites or mobile apps • From Epicor employees when you interact with them and provide PI |
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations, such as tracking data on applicants' protected class status for use in measuring the success of our EEO or affirmative action efforts. • To carry out our obligations and enforce our rights arising from any contracts entered between you and us. • To evaluate your potential fit for employment opportunities. |
None. Sensitive PI is not shared with third parties other than as required by law. |
Not Applicable. |
Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | • From you • From your devices when you interact with our websites or mobile apps • From Epicor employees when you interact with them and provide PI |
• To carry out our obligations and enforce our rights arising from any contracts entered between you and us for product or services purchased. • To provide you with information, products or services that you request from us. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. • To perform troubleshooting as requested by customers. |
|
6 years from last contact |
Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | • From you when you interact with our website or any of our internal systems | • To help maintain the safety, security, and integrity of our website, services, databases and other technology assets, used to support our business. • For testing, research, analysis, and product development, including to develop and improve our website and services. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. |
• Security Operation Center (SOC) service provider | 2 years |
Sensory data | Audio | • From you | • Responding to your audio or voice recordings. | Call recording service providers. | 2 years |
Professional or employment-related information. | Current job history or performance evaluations, Professional Membership information, certifications, licenses or credentials | • From you • From recruiters |
• To evaluate your potential fit for employment opportunities. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. |
|
7 years after employment ends |
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student or prior student maintained by an educational institution or party acting on its behalf, such as grades, transcripts. | • From you • From an education institution or provider |
• To evaluate your potential fit for employment opportunities. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. |
|
7 years after employment ends |
Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | • From observations | • To provide career development feedback and guidance to employees. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. |
|
Not Applicable |
Sensitive personal information is a subtype of personal information consisting of specific categories of personal information. We do not knowingly collect sensitive personal information or use it to infer characteristics about a person. When using Epicor products and applications (including products offered by some Epicor affiliates such as Grow.com through Grow.com website or other web based portal) Epicor has strict contractual measures in place (under Epicor’s Master Customer Agreement, Master Terms and Conditions) that prohibit you from providing and/or uploading and/or sharing sensitive personal information with Epicor and, as such, Epicor does not collect any sensitive personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences, and you should not provide such sensitive personal information to Epicor.
We may disclose your personal information to a third party, our affiliates, agents, or service providers and other third-party vendors for a business purpose as described above. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except for fulfilling requirements and services being performed under contract.
Do Not Sell. We do not sell personal information (including sensitive personal information) and in the preceding twelve (12) months, we have not sold any personal information. However, we do share information with third parties but only as directed by you through your opt-in to non-essential cookies. You may exercise your rights to opt out via our Do Not Sell My Personal Information link.
CCPA (as amended by CPRA) provides California residents with specific rights regarding their personal information. This section describes those rights.
Right | Description of Right | Verification Process | Actions |
---|---|---|---|
Access to Your Personal Information (Right to Know) |
You have the right to request that Epicor disclose certain information to you about our collection and use of your personal information over the past 12 months. |
As part of our verification process of your request we will ensure reasonable measures are in place to detect fraudulent requests and prevent unauthorized access to your personal information. We are required to verify your identity, and the identity of your authorized agent, if the request is submitted via an agent by associating the information provided in the request to any personal information previously collected by us or use a third-party identity verification service.
Any personal information requested or collected for the purpose of identity verification for a “Right to Know” request is only used for that purpose and for security or fraud-prevention.
If the Personal Information is de-identified or in aggregate form, we will not re-identify the data to verify your request. We will not disclose your Social Security Number, driver License number or other government-issued identification number, financial account number, or any health insurance or medical identification number and will explain the basis for the denial, as well as any other personal information that is sensitive, as defined in California Civil Code section 1798.81.5 (d).
If you maintain a password-protected account with us, we may verify your identity through existing authentication practices and also require you to re-authenticate before exercising your right to the personal information requested.
If we suspect fraudulent or malicious activity on or from the password-protected account, we shall not comply with the request until further verification procedures determine that you have made the request, and we have authenticated and verified your identity as the person that has made the request. |
Once we can confirm your verifiable request we will disclose to you:
|
Deletion Request Rights
|
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. |
Before actioning your request, we will undertake the same verification process as set out immediately above for Right to Know requests. If any of the following exceptions apply, we may deny your deletion request if retaining the information is necessary for us or our service providers to:
|
We will delete any new personal information collected as soon as practical after processing the request, except as required to comply with the record keeping requirements. |
Right to Opt-Out of Sales of Personal Information |
You have the right to request that we do not sell your personal information that we collected from you and retained. |
Before actioning your request, we will undertake the same verification process as set out immediately above for Right to Know requests. |
You may exercise your right to opt-out of the sale of your personal information by submitting your request via our online Do Not Sell My Personal Information Form |
Right to correct inaccurate personal information |
You have the right to request that we correct any of your personal information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will correct (and direct our service providers to correct) your personal information from our records, unless an exception applies. |
Before actioning your request, we will undertake the same verification process as set out immediately above for Right to Know requests. |
We will correct any personal information collected as soon as practical after processing the request, except as required to comply with the record keeping requirements and/or by law. |
Right of freedom from discrimination for opting-out. |
You have the right to know about and opt out of any type of automated decision-making that may lead to discrimination. You also have the right not to be discriminated against for withdrawing consent and/or opting out of personal information sharing or sales. |
Epicor does not engage in and/or utilise third parties to conduct automated decision making using personal information thus Epicor will not be able to action any requests to opt-out of automated decision making. Epicor does not penalise any users or consumers from exercising its rights to withdraw consent to the processing of its personal information and/or exercising its rights to opt-out. |
Epicor does not sell personal information, so not applicable |
To exercise the rights described above, you can contact us by submitting your request by either:
Only you or your authorized agent may make a verifiable consumer request related to your personal information. If you use an authorized agent to submit a request on your behalf, we may require that you (1) provide the authorized agent written permission to do so and provide a copy of the authorization to us; and (2) that we verify the identity of the authorized agent. These will not be required if your authorized agent can provide to us a copy of a power of attorney pursuant to Probate Code sections 4000 to 4465.
You may only make a verifiable consumer request twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request.
Upon receiving your request to know or a request to delete, we will process your request or notify you if the request requires an extension or will be denied.
We are required to provide a respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period. If you have an account with us, we may deliver our response to that account. If you do not have an account with us, we will deliver our response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We sponsor promotional contests and sweepstakes and use the information we collect for marketing purposes. You must opt-in to receive the incentive and will have the right to subsequently opt-out.
We will not discriminate against you for exercising any of your CCPA rights.
While we do not provide your personal information to third parties for their use in marketing, under California law, California residents have the right to opt-out of such use of your personal information if it occurs.
We reserve the right to amend this privacy notice and policy at our discretion and at any time. When we make changes to this privacy notice and policy, we will notify you through a notice on our website homepage.
If you have any questions or comments about this Privacy Notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, or need this disclosure in another format you may address your questions or comments to:
Epicor Software Corporation
Las Cimas II
807 Las Cimas Parkway, Suite 400
Austin
Texas 78746
USA