Privacy Notice & Policy for California Residents

Effective Date: January 1, 2020

This PRIVACY NOTICE & POLICY FOR CALIFORNIA RESIDENTS is provided by Epicor Software Corporation (“Epicor” and collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”).

 

California Consumer Privacy Act (“CCPA”)

Any terms defined in the CCPA and the proposed regulations have the same meaning when used in this disclosure.

 

Information We Collect

We collect offline and online personal information that you provide us voluntarily or for which you otherwise consent to collection. Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. (“personal information”, “PI”).

We have as a company collected the following general categories of personal information within the last twelve (12) months and may use or disclose such personal information for one or more business or commercial purposes:

Category Examples of Personal Information Categories of Sources from which the PI is Collected Business or Commercial Purpose Categories of third parties with whom PI is shared
Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. • From you

• From your devices when you interact with our websites or mobile apps

• From Epicor employees when you interact with them and provide PI

• To fulfill or meet the reason for which the information is provided.

• To provide the services you requested.

• To evaluate your potential fit for employment opportunities.

• Manage payments, collections, fees and charges.

• For testing, analytics, research, analysis, and product development, including to develop and improve our website, products, and services.

• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

• To personalize your website experience and to deliver content and product and service offerings relevant to your interests, through our website, third-party sites, and via email or text messages.

• To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

• Co-Marketing Partners

• Advertising Platforms

• Social Media Platforms

• Analytics Providers

• Marketing Companies

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. • From you

• From your devices when you interact with our websites or mobile apps

• From Epicor employees when you interact with them and provide PI

• To fulfill or meet the reason you provided the information.

• To evaluate your potential fit for employment opportunities

• To carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collections

• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website users is among the assets transferred.

• To provide you with information, products or services that you request from us.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• Payment processors

Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

• From you

• From your devices when you interact with our websites or mobile apps

• From Epicor employees when you interact with them and provide PI

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations, such as tracking data on applicants' protected class status for use in measuring the success of our EEO or affirmative action efforts.

• To carry out our obligations and enforce our rights arising from any contracts entered between you and us.

• To evaluate your potential fit for employment opportunities.
 
Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. • From you

• From your devices when you interact with our websites or mobile apps

• From Epicor employees when you interact with them and provide PI
• To carry out our obligations and enforce our rights arising from any contracts entered between you and us for product or services purchased.

• To provide you with information, products or services that you request from us.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

• To perform troubleshooting as requested by customers.
 
Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. • From you when you interact with our website or any of our internal systems • To help maintain the safety, security, and integrity of our website, services, databases and other technology assets, used to support our business.

• For testing, research, analysis, and product development, including to develop and improve our website and services.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

• Security Operation Center (SOC) service provider
Sensory data Audio • From you • Responding to your audio or voice recordings. Call recording service providers.
Professional or employment-related information. Current job history or performance evaluations, Professional Membership information, certifications, licenses or credentials • From you

• From recruiters
• To evaluate your potential fit for employment opportunities.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
 
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student or prior student maintained by an educational institution or party acting on its behalf, such as grades, transcripts. • From you

• From an education institution or provider
• To evaluate your potential fit for employment opportunities.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
 
Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. • From observations • To provide career development feedback and guidance to employees.

• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
 



Sharing Personal Information

We may disclose your personal information to a third party, our affiliates, agents, or service providers for a business purpose as described above.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except for fulfilling requirements and services being performed under contract.

We do not sell personal information and in the preceding twelve (12) months, we have not sold any personal information.  However, we do share information with third-parties but only as directed by you through your opt-in to non-essential cookies.



Your Rights

The CCPA provides California residents with specific rights regarding their personal information. This section describes those rights. However, the CCPA, as amended, stipulates that the Right to Know and Right to Deletion request rights do not become effective before January 1, 2021 if you are one of the following (current or former):

  • Job applicants
  • Employees
  • Owners, Directors and Officers of the organization
  • Independent contractors
  • Medical staff members
  • Emergency contacts (for any of the specific individuals above)
  • Beneficiaries (in the context of benefits programs for the specific individuals above)
  • Business-to-business (B2B) contacts



Access to Your Personal Information (Right to Know)

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.

As part of our verification process of your request we will ensure reasonable measures are in place to detect fraudulent requests and prevent unauthorized access to your personal information. We are required to verify your identity, and the identity of your authorized agent, if the request is submitted via an agent by associating the information provided in the request to any personal information previously collected by us or use a third-party identity verification service.

Any personal information requested or collected for the purpose of identity verification for a “Right to Know” request is only used for that purpose and for security or fraud-prevention.

If the Personal Information is de-identified or in aggregate form, we will not re-identify the data to verify your request. We will not disclose your Social Security Number, driver License number or other government-issued identification number, financial account number, or any health insurance or medical identification number and will explain the basis for the denial, as well as any other personal information that is sensitive, as defined in California Civil Code section 1798.81.5 (d).

If you maintain a password-protected account with us, we may verify your identity through existing authentication practices and also require you to re-authenticate before exercising your right to the personal information requested.

If we suspect fraudulent or malicious activity on or from the password-protected account, we shall not comply with the request until further verification procedures determine that you have made the request, and we have authenticated and verified your identity as the person that has made the request.

We will delete any new personal information collected as soon as practical after processing the request, except as required to comply with the record keeping requirements.

Once we can confirm your verifiable request we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • Specific pieces of personal information we collected about you, if requested.



Personal Information Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

If any of the following exceptions apply, we may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.



Submitting Right to Know or Right to Deletion Requests

To exercise the rights described above, you can contact us by submitting your request by either:

Only you or your authorized agent may make a verifiable consumer request related to your personal information.  If you use an authorized agent to submit a request on your behalf, we may require that you (1) provide the authorized agent written permission to do so and provide a copy of the authorization to us; and (2) that we verify the identity of the authorized agent. These will not be required if your authorized agent can provide to us a copy of a power of attorney pursuant to Probate Code sections 4000 to 4465.

 

You may only make a verifiable consumer request twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to verify you are the person about whom we collected personal information or an authorized agent.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request.



Response Timing and Format

Upon receiving your request to know or a request to delete, we will process your request or notify you if the request requires an extension or will be denied.

We are required to provide a respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period.  If you have an account with us, we may deliver our response to that account.  If you do not have an account with us, we will deliver our response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.



Financial Incentives

We sponsor promotional contests and sweepstakes and use the information we collect for marketing purposes. You must opt-in to receive the incentive and will have the right to subsequently opt-out.



Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.



“Shine the Light Law”

While we do not provide your personal information to third parties for their use in marketing, under California law, California residents have the right to opt-out of such use of your personal information if it occurs.



Changes to this Privacy Notice and Policy

We reserve the right to amend this privacy notice and policy at our discretion and at any time. When we make changes to this privacy notice and policy, we will notify you through a notice on our website homepage.



Contact Information

If you have any questions or comments about this Privacy Notice & Policy the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, or need this disclosure in another format, please do not hesitate to contact us at: LegalPersonnel-EMEA@epicor.com.