Skip to main content
  • HCM Privacy

Epicor HCM Privacy Policy

Effective Date: June 22, 2011

Last Updated Date: December 18, 2013

This Epicor HCM Privacy Policy (“Privacy Policy”) explains how we may:

  • collect,
  • use, and
  • disclose

information we obtain through the “Services.” The term “Epicor,” “we,” and “us” includes Epicor Software Corporation and our affiliates and subsidiaries.

The “Services” include the Epicor HCM solution and related hosting and/or Internet services under the control of Epicor, whether partial or otherwise, in connection with providing Epicor’s HCM solution. We provide our customers with services and tools that automate and streamline their business functions. These services and tools are not a part of our corporate website. The information submitted through our customer service relationships will be held by us subject to the requirements specified by our customers.

“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate an individual, such as: name, address, email address, or phone number. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.

This Privacy Policy Does Not Apply to Our Customers or Organizations Who Are Not Epicor’s Agents. This Privacy Policy does not reflect the privacy practices of our customers and we are not responsible for our customers’ privacy policies or practices. We do not review, comment upon, or monitor our customers’ privacy policies or their compliance with their respective privacy policies, nor do we review a customer’s instructions to determine whether they are in compliance or conflict with the terms of a customer’s published privacy policy. Accordingly, we operate as a data processor for our customers. Our customers act as data controllers. We maintain only that Personal Information that our customers have asked us to host or process. This Privacy Policy does not apply to the practices of organizations or individuals we do not employ or manage, including any third-party content contributors bound by contract.

If customers do not obtain consent for the collection, use, or disclosure of the Personal Information of the individuals as described in this Privacy Policy, they should not submit any such Personal Information to us. If Personal Information about an individual was submitted to us by our customer, and the individual no longer consents to its use or disclosure as described in this Privacy Policy, such individual should contact the organization to which the individual directly submitted the Personal Information or notify us at


Customer Support. We may collect Personal Information through communications with our customer-support team, such as when individuals request more information or help on a product or service.

From our Customers through the Services. We collect information, including Personal Information, about individuals from our customers through the Services, such as contact, human resource-related, and billing information. This information may include, among other things, an individual’s name, email address, address, telephone number, billing, credit card, benefits, payroll, resume, and performance management-related information. As we expand our services, we may collect other types of information.

We operate as a data processor for our customers. Our customers act as the data controllers. We collect and maintain only Personal Information our customers have asked us to process. It is our customers’ responsibility to ensure that the data they collect can be legally collected from individuals in their country of origin. Our customers are responsible for notifying their employees and customers that personal information is being collected and maintained outside of their countries of origin.

Cookies, Automatic Data Collection, and Related Technologies. The Services collect and store information that is generated automatically as they are used, including preferences and anonymous usage statistics.

When users visit the Services, we and our third-party service providers may receive and record information on our server logs from users’ browser, including IP address, and from cookies and similar technology. Most browsers allow users to block and delete cookies. However, if users do that, the Services may not work properly.

By using the Services, users are authorizing us to gather, parse, and retain data related to the provision of the Services.


Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes and may provide it to third parties to allow us to facilitate the Services. We may use and retain any data we collect to provide and improve our Services. We will use Personal Information only in ways compatible with the purpose for which it was collected or authorized by our customers.

For Our Customers. We use information, including Personal Information, according to the instructions of customers that submitted such information to us through the Services.

Communications. We may send email to the email address individuals provide to us for informational and operational purposes, such as account management, customer service, or system maintenance.

Aggregate Data. We may anonymize and aggregate data collected through the Services and use it for any purpose.


We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of the Services. For example, we may share Personal Information with payment processors to complete transactions.

As Required By Our Customers. We may share any information we receive from our customers as directed by our customers.

Marketing. We do not rent, sell, or share Personal Information about users with other people or nonaffiliated companies for their direct marketing purposes, unless we have the individual’s permission.

As Required By Law and Similar Disclosures. We may access, preserve, and disclose Personal Information, other account information, and content if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to customer or end user requests; or protect users’, ours’ or others’ rights, property, or safety.

Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of Epicor assets, or transition of service to another provider, information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information.

We may also disclose an individual’s Personal Information with such individual’s permission.


We take steps designed to secure information in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information provided to us. We do not accept liability for unintentional disclosure.


Our collection, use, and disclosure of information are generally governed by service agreements with our customers. Information relied upon to provide these Services is retained only for as long as we have a valid business purpose and in accordance with applicable law; including the maintenance of backups in the ordinary course of performing the Services.


Information processed by the Services is transferred to the United States and processed globally. By providing Personal Information about individuals to us, customers agree that they have such individual’s consent to any transfer and processing in accordance with this Privacy Policy.

Safe Harbor. Epicor complies with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks and adheres to the Safe Harbor privacy principles with respect to the Services. Information on both Safe Harbors may be found at


In most cases, when we obtain Personal Information, we do so on behalf of another organization (as an agent or data processor). To request access to, correct, amend, or delete Personal Information, a customer or end user should contact the organization to which the data was provided.

In other cases, to update or correct any information provided to us through use of the Services or otherwise, or for suggestions for improving this Privacy Policy, please send an email to


Any questions, comments or complaints about the data practices of a customer for which Epicor processes data should be addressed to that customer (including, without limitation, compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement), although we will make reasonable efforts to comply or assist with such requests.

Epicor has a Privacy Officer who is responsible for our compliance with and enforcement of this Privacy Policy. Epicor’s Privacy Officer is available to any of its employees, customers, vendors, business partners, or others who may have questions concerning this Privacy Policy or data security practices. Epicor’s Privacy Officer may be contacted by email at With regard to Personal Information processed by the Services, Epicor has agreed to use the alternative dispute resolution services provided by JAMS.


Posting of Revised Privacy Policy. We will post any adjustments to the Privacy Policy on Epicor’s (or its successors) website, and the revised version will be effective when it is posted.

New Uses of Personal Information. If our practices change regarding previously collected Personal Information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law.

Contact Information

Epicor Software Corporation
18101 Von Karman Avenue, Suite 1600
Irvine, CA 92612
Attention: Legal Department


Follow Us