Corporate integrity is of paramount importance to Epicor. This core principle is reflected in this AI Code of Conduct (AI Code), which is provided on a voluntary basis and establishes the standards that shall be met by Epicor when using an AI System and/or offering Epicor’s AI Products to Customers.
Definitions. In this AI Code:
AI: means artificial intelligence and refers to machine learning algorithms and generative models, including but not limited to large language models (LLMs), natural language processing (NLP) technologies, retrieval augmented generation (RAG), and other technologies that produce outputs based on training data.
AI Regulations: means the EU AI Act, Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act);
AI System: means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments;
Applicable Data Protection Laws: means the US Data Protection Laws, EU GDPR, the UK GDPR, the UK Data Protection Legislation (all as defined below) and all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, including Switzerland as well as the laws of the UAE, India and China applicable to the Processing of Personal Data under this DPA and the Agreement;
Customer Data: has the same meaning as defined in Epicor’s Customer Agreement, Master Terms and Conditions available for download from https://www.epicor.com/en-us/company/customer-agreements/
Epicor: means Epicor Software Corporation and its international affiliates, listed at https://www.epicor.com/en-uk/company/compliance/affiliates/
Epicor’s AI Products: means the Epicor Products denoted on an Order as an AI product;
Epicor DPA: means Epicor’s country-specific customer facing data processing addendum(s) available at https://www.epicor.com/en-us/company/data-privacy-addenda/, the terms and conditions of which are incorporated by reference into the Epicor Master Customer Agreement available at https://www.epicor.com/en-us/company/data-privacy-addenda/
Epicor Products: means any software application, product or service offered by Epicor in connection with an Order to Customer.
Epicor Master Customer Agreement: means collectively Epicor’s Master Customer Agreement Master Terms and Conditions, as supplemented by one or more relevant Product Supplements and/or Orders, available for download from https://www.epicor.com/en-us/company/customer-agreements/
EU GDPR: means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (as applicable and in force across the European Union) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) as amended, replaced or superseded.
Order: means a quotation or order form designed to document Customer’s order of certain Products from Epicor. An Order may include a statement of work, work authorisation, change order or similar document.
Services: means data services, professional services, consultancy services, SaaS Services, customisation services and/or any software support and maintenance services or any other services offered by Epicor.
UK Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the United Kingdom including without limitation the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) (DPA 2018); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the Commissioner or other relevant regulatory authority and which are applicable to a party.
UK GDPR has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the DPA 2018.
US Data Protection Laws means all laws and regulations applicable in the United States of America (Federal and State), including (i) the California Consumer Privacy Act (the “CCPA”), as amended by the California Privacy Rights Act ("CPRA"), as well as any regulations and guidance that may be issued thereunder; and, where applicable, (ii) the Virginia Consumer Data Protection Act ("CDPA"); (iii) the Colorado Privacy Act ("CPA"); (iv) the Connecticut Data Privacy Act ("CTDPA"); the Utah Consumer Privacy Act (“UCPA”); the Florida Digital Bill of Rights (“FLDBOR”); the Oregan Consumer Privacy Act (“OCPA”); the Montana Consumer Data Privacy Act (“MTCDPA”); the Minnesota Consumer Data Privacy Act (“MCDPA”); the Delaware Personal Data Privacy Act (“DPDPA”); the Iowa Consumer Data protection Act (“ICDPA”); the Nebraska Data Privacy Act (“NEDPA”); the New Hampshire Act relative to the expectation of privacy (“NHCDPA”); the New Jersey Act concerning commercial internet websites, online services, consumers and personal identifiable information (“NJDPA”); the Texas Data Privacy and Security Act (“TDPSA”); the Tennessee Information Protection Act (“TIPA”); and, in each case, as may be amended or superseded from time to time.
In carrying out its obligations under an Epicor Master Customer Agreement, Epicor agrees to comply with the standards set out in this AI Code as well as Applicable Data Protection Laws in the countries where Epicor operates. The countries and jurisdictions where Epicor operates are listed at https://www.epicor.com/en-uk/company/compliance/affiliates/
If there is a conflict between (i) any applicable laws or regulations, (ii) the Epicor Master Customer Agreement and (iii) this AI Code, Epicor will meet the most stringent standard.
Epicor has the right to update and modify this AI Code from time to time without prior notice to the Customer.
Epicor will comply with all Applicable Data Protection Laws when processing any personal data on Customer’s behalf.
Epicor will give the Customer as much notice as possible if it proposes to use an AI System to provide Epicor Products and/or Services to the Customer. This applies only to Epicor’s use of AI systems to directly provide Services and/or Epicor Products, and not to the use of AI systems as part of Epicor’s internal operations and management.
Epicor will implement and adhere to responsible and ethical practices when designing, implementing, monitoring, training, testing, deploying, or otherwise developing or using AI Systems and/or developing an Epicor AI Product. This includes adhering to all applicable:
Without limiting Epicor’s obligations under paragraph 4.2, Epicor will:
Epicor will not use or retain Customer Data (which term includes Personal Data) or confidential information belonging to a customer for the purposes of training or inputting into any AI system or model to develop and/or enhance an Epicor AI Product without Customer’s prior written approval.
Where Epicor uses third-party providers to develop an AI system and/or Epicor AI Product, Epicor shall implement appropriate risk management and supervision measures to ensure that the third-party provider adheres to the standards set out in paragraph 4.1.
Where appropriate, Epicor will implement a system of training for its employees and contractors that routinely work with and/or develop Epicor’s AI Products to ensure that they are aware of the requirements of this AI Code.
Epicor will monitor its compliance with this AI Code and will report (on a voluntary basis) any violations (actual or suspected) of this AI Code as required under the AI Regulations.