Personal data protection policy of PrestaShop Account and PrestaShop Services
Including Cookie policy
October 2023
You should pay particular attention to how your personal data is obtained, used and shared.
Also, this Personal Data Protection Policy (hereinafter the “Policy”) has been written to enable you to become aware of the practices and conditions under which PrestaShop S.A – Limited Company registered in the Paris Trade and Companies Register under number 497 916 635 and whose offices are located at 198 Av. de France, 75013 Paris, collects and processes your Data as part of the creation of your PrestaShop Account and the subscription to additional services (hereinafter the “Services”).
Given the constant evolution of laws and regulations regarding technology and Data protection, the Policy may be regularly updated. If you are a user of the Services made accessible by PrestaShop Account, we invite you to regularly consult this page. In addition, you will be informed of substantial modifications by email. Substantial modifications are considered to be modifications relating to the main characteristics of the processing of personal data (addition of new purposes, etc.).
If one of the clauses of the Policy should be declared void or contrary to the regulations, it will be deemed unwritten but will not result in the nullity of the other clauses of the Policy.
It does not apply to Data collected by any third parties or through sites managed by them; including through applications or redirecting the user to the Services.
The purpose of the Policy is to inform Users about the Data processing that we implement, about how we use this Data, share it and protect it, and about the rights you have over the Data concerning you.
We thank you for reading the Policy carefully in order to clearly understand our practices regarding the processing of your Data and inform you that the consultation and use of our Services are subject to this Policy.
If you do not agree with this Policy, we invite you not to use our Services.
It is your responsibility to ensure that the Data communicated to PrestaShop is complete and up to date.
1. DEFINITIONS
The User is informed that the following terms or expressions will have, whenever they begin with a capital letter in the body of the Policy (including its appearances and its preamble), whether they are used in the singular or in the plural , masculine or feminine, the meaning attributed to them below:
“SCC and/or Standard Contractual Clauses” designates the standard contractual clauses adopted by the European Commission to regulate transfers of personal data carried out by controllers to recipients located outside the European Union.
“T&Cs” designates the PrestaShop Account and PrestaShop Services terms and conditions of use.
“Data” means any information relating to an identified or identifiable natural person within the meaning of Article 4.1 GDPR.
“DPA and/or Data Processing Agreement” designates an agreement on Data processing governing the contractual relations between the Controller and its Processor.
“PrestaShop (and/or) the Company” means the company PrestaShop S.A – Société Anonyme registered in the Paris Trade and Companies Register under number 497 916 635 and whose offices are located at 198 Av. de France, 75013 Paris
“Controller” means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing as defined in Article 4.7 of the GDPR .
“GDPR” means the General Data Protection Regulation 2016/679 dated April 27, 2016.
“Services” means the service(s) presented by the T&Cs.
“Processor” means the natural or legal person, public authority, service or other body which processes personal data on behalf of the Controller as defined in Article 4.8 of the GDPR.
Terms starting with a capital letter and which are not defined above have the meaning given to them in the T&Cs.
2. PURPOSES & LEGAL BASES
PrestaShop may collect your Data for the following purposes:
| Purposes | Legal bases | Details |
|---|---|---|
| Provision of our PrestaShop services as well as our third-party services
→ account creation, use of our services, providing assistance and support services, providing assistance, invoice management, dispute management, etc. |
Contractual commitment | → T&Cs → Specificity linked to the support service (DPA in appendix 4 of the T&Cs) |
| Provision of our Third Party Services and management of our contractual relationships with our Official Partners | Contractual commitment | → T&Cs → partnership contract concluded between PrestaShop and our Official Partners |
| Perform data analyzes → Monitoring of the User profile (on their Back office) |
Legitimate interest | We consider that we have a legitimate interest in carrying out data analyzes with a view to continually improving our services. |
| Communicate with you → management of requests for information and comments, respond to your contact requests, advise you, communicate modifications and updates, alert you in the event of security incidents, etc. |
Legitimate interest | We consider that we have a legitimate interest in responding to questions or consultations that you have raised via the various contact channels |
| Marketing → Commercial prospecting, newsletters, etc. |
Legitimate interest | In accordance with the CNIL’s recommendations regarding B2B commercial prospecting, you are likely to receive commercial communications |
| Meet our legal requirements | Legal obligation | Respond to requests from authorities, comply with laws and regulations, Respond to requests to exercise rights mentioned in article 6 of this Policy |
| Ensuring the security of our services → Fraud detection and prevention, information system security, etc. |
Legitimate interest | We consider that we have a legitimate interest in ensuring the security of our services |
| Litigation management | Contractual commitment | → T&Cs |
| Litigation management | Contractual commitment | → T&Cs |
3. WHO PROCESS YOUR DATA?
3.1 Processing of your Data by PrestaShop employees
Your Data may be processed by PrestaShop employees.
Your Data may be transmitted to any buyer or other successor in the event of a merger, assignment, restructuring, reorganization, dissolution or other sale or transfer of part or all of the assets of PrestaShop due to uncertainties or bankruptcy, liquidation or other processes in which User Data from the various PrestaShop sites are among the assets transferred.
3.2 Processing of your Data by our Partners whose Connector you download
In addition, when you download the Connectors allowing you to use the third-party Services of our Partners, your Data (date of download of the Connector, email address, telephone number if it was provided, URL of your website, first and last name ) are communicated to the latter in order (i) to enable us to monitor the management of the partnership concluded with PrestaShop, (ii) to enable you to register for the Partner Service and (iii) to enable them to offer you personalized commercial offers unless you object.
In addition and in order to use the PrestaShop Services, in the event that the User does not have an account with the Official Partner, the User will then be referred to the Official Partner’s site, managed by people or organizations on which PrestaShop has no control.
The account thus created with the Official Partner only binds the User vis-à-vis the latter.
It is the User’s responsibility to read and accept the general conditions of sale and/or use and the confidentiality policies of third-party Services.
The PrestaShop Services concerned are as follows:
- Google LLC (PrestaShop Marketing, PrestaShop Metrics)
- PayPal Pte. Ltd. (PrestaShop Checkout)
- Payplug et Oney (PrestaShop Paylater)
- RiverBank S.A. (PrestaShop Capital)
- Meta Platforms, Inc. (PrestaShop Social)
- Klaviyo (PrestaShop Automation)
On the other hand, unlike the other PrestaShop Services mentioned above, the use of PrestaShop Shipping differs. PrestaShop directly creates the account with our Official Partner (Mail Boxes Etc.) in the name and on behalf of the User. The User is invited to read the Privacy Statement for the processing of personal data of Mail Boxes Etc. available under this link.
3.3 Processing of your Data by Processors
For the purposes of our activity, and for external processing needs, your Data may be communicated to service providers.
The list of Processors is available in Appendix 2.
The latter are obliged, by a DPA, to respect the confidentiality of the Data and to use it only for the purposes for which we transmit it to them. In addition, transfers of Data outside the European Union are subject to the signature of SCC with the latter.
4. LEGAL DISCLOSURE
We may also disclose your Data:
- to comply with any legal mandate, law or legal process, including governmental and regulatory requests;
- if we believe that disclosure is necessary or appropriate to protect the rights, property or safety of PrestaShop, its customers or other stakeholders. Such disclosure includes exchanging information with other companies and organizations for the purposes of protection against fraud and counterfeiting.
5. CONSERVATION
PrestaShop only keeps your Data for the necessary period. This retention period is not the same depending on the Data in question, the nature and purpose of the collection being likely to cause this duration to vary. Likewise, certain legal obligations impose a specific retention period.
The User’s IP address collected following registration for the PrestaShop Account service is kept for thirty (30) days and then deleted.
Data collected through cookies and other trackers is kept for a period of thirteen (13) months from their collection.
Finally, we keep some of your Data for longer if necessary, for legitimate business purposes or if the law requires us to do so (whether for security purposes, financial data archiving, or fraud prevention and abuses).
When you delete or request the deletion of your Data, we ensure the effectiveness of this deletion or their conservation in anonymized form.
6. PROTECTION
Your Data is stored on secure servers and protected by firewalls and antiviruses.
We have implemented technical and organizational measures intended to guarantee the security and confidentiality of your Data against any accidental loss and against any unauthorized access, use, modification and disclosure.
Given the particularities inherent to the Internet, it is however impossible for us to guarantee optimal security of the exchange of information on this network.
We strive to protect your Data, but we cannot guarantee the absolute security of information transmitted to the Site. You agree that you transmit your Data at your own risk.
We cannot be held responsible for non-compliance with the privacy settings or security measures in place on our Sites.
As such, you agree that the security of your information is also your responsibility. For example, it is your responsibility to keep secret the password allowing you to access your User account.
Do not under any circumstances disclose it to third parties. Likewise, be careful when disclosing information in the public sections of the Site, which can be consulted by any User of the Site.
7. RIGHTS
You can choose how the Data you transmit to us is used:
- You can browse the Site without providing any Data.
- You can decide not to create a PrestaShop Account or not to use the Services associated with it. Please note, however, that the creation of a PrestaShop Account is mandatory to be able to use the Services.
- You can decide to no longer receive the Newsletter. All you have to do is unsubscribe using the link in the email sending you the Newsletter.
In accordance with the provisions of the applicable Data protection regulations, in particular European Regulation 2016/679 on Data protection, you have a right of access and a right of rectification to your Data.
You also have the right to define guidelines relating to the fate of your Data in the event of death.
In addition, subject to the conditions provided for by the GDPR for the exercise of these rights, you benefit from:
- A right to erasure of your Data;
- A right to limit the processing of your Data;
- A right to object to the processing of your Data for legitimate reasons, in accordance with the article 21 of the GDPR ;
- A right to portability of the Data you have provided;
When the processing of your Data is carried out on the basis of your consent, you can withdraw it at any time. You acknowledge, however, that processing carried out before the revocation of your consent remains perfectly valid.
However, in accordance with article 12.6 of the GDPR, for the exercise of these rights, PrestaShop, as Controller, reserves the right to ask you to prove your identity. We inform you that the Data used to prove your identity will be deleted once we have responded to your request.
You can exercise these rights by sending an email in French, English or Spanish to [email protected] or to the following address:
PrestaShop S.A
Legal Department
198 Av. de France, 75013 Paris
We have one month to respond to any request relating to the exercise of your rights. This deadline may be extended by two months due to complexity or too many requests.
Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), in particular on its website www.cnil.fr.
8. TRANSFERS
In accordance with article 3 above, Data may be transmitted to our Partners and/or Processors located outside the European Union. In this case, PrestaShop makes every effort to ensure the security of Data passing outside the European Union.
| Transfers concerned | Supervision of transfers |
|---|---|
| Our Partners whose Connector you download |
Acceptance of the User to the general conditions of the Partners |
| Our Processors | Signature of SCC between PrestaShop and all our Processors established outside the European Union |
ANNEX 1.
COOKIE POLICY
When you visit or use the Sites, PrestaShop or its Partner service providers may use cookies or any other tracking/tracking/automatic Data collection technology to store information to provide you with an improved, faster and more secure experience. .
This cookie policy aims to help you better understand these technologies and our use of them.
1. WHAT IS A COOKIE ?
Cookies are small text files (most often consisting of letters and numbers), stored in the memory of your browser or device when you visit a website or view a message.
They allow a website to recognize the browser or device. Like most websites, PrestaShop uses technologies, mostly through small Data files stored on your device that allow us to record certain information when you visit or use our Site.
There are several types of cookies:
Session cookies: they expire as soon as the browser is closed and allow us to link your actions during this particular session,
Persistent cookies: they are stored on your device between browsing sessions and allow us to remember your preferences or actions on several sites,
Proprietary cookies: they are issued by the site you are visiting,
Third-party cookies: they are issued by a third-party site, separate from the site you are visiting.
2. WHAT TYPES OF COOKIES DOES PRESTASHOP USE?
To obtain more information on the cookies used, we invite you to consult the following pages:
| Cookie placed by | Cookie name | Category | Purpose of the cookie | Lifetime |
|---|---|---|---|---|
| Hotjar | _hjSessionUser | Analytic | This cookie keeps the Hotjar user ID, unique for this site, on the browser. This ensures that behavior on subsequent visits to the same site will be attributed to the same user ID. | 12 months |
| _hjSession | Analytic | This cookie contains data from the current session. This means that subsequent requests in the session window will be assigned to the same Hotjar session. | 30 minutes | |
| Google Analytics | _ga | Analytic | This cookie allows us to broadcast our advertising messages on the Google network. | 13 months |
| _gat_UA-nnn | Analytic | This cookie assigns an identifier to each visitor to distinguish them. | Browsing Session | |
| _gid | Analytic | This cookie allows us to broadcast our advertising messages on the Google network. | 24 hours | |
| Segment | analytics.js | Analytic | This tracker allows the tracking of interactions between the user and the page. | 1 year |
3. HOW TO MANAGE THE DEPOSIT AND READING OF COOKIES?
Certain features of our sites, services, applications and tools are made available to you only through these cookies or trackers.
However, refusing to use these technologies may result in the unavailability of certain features of our services.
For more information on blocking, removing or disabling these technologies, see your browser or device settings.
For third-party cookies, you can configure your browser settings to refuse all third-party cookies.
- For Google Chrome, see this link.
- For Mozilla Firefox, see this link.
- For Microsoft Edge, see this link.
- For Opera, see this link.
- For Internet Explorer, see this link.
- For Apple Safari, see this link.
ANNEX 2.
OUR PROCESSORS
The following Processors may process your Data:
| Processors | Services provided | Country of head office |
|---|---|---|
| GOOGLE CLOUD PLATFORM | Hosting of data relating to the provision of our services | UNITED STATES |
| CHARGEBEE INC. | Subscription invoicing tool necessary for the use of our PrestaShop Metrics Service as well as for RBM Modules | UNITED STATES |
| STRIPE, INC. | Managing recurring payments | Ireland |
| ATLASSIAN for Jira |
Ticket management software | UNITED STATES |
| ZENDESK INC. | Support | UNITED STATES |
| ACTIVE CONTACT | Support | Tunisia |
| Inverted | Support | Lithuania |
| SIFAST | Support | Tunisia |
| VOCALCOM for Hermes360 |
Business telephony solution | France |
| AIRCALL SAS | Business telephony solution | France |
| SENDSAFELY INC. | Support | UNITED STATES |
| GURU TECHNOLOGIES, INC. | Support | UNITED STATES |
| ZOHO CORPORATION PVT. LTD. | Support | UNITED STATES |
| HUBSPOT, INC. | Our customer relationship management tool. | UNITED STATES |
| FUNCTIONAL SOFTWARE, INC. via sentry.io |
Bug finding software | UNITED STATES |
| MIXPANEL INC. | Business Analytics Platform | UNITED STATES |
| SEGMENT.IO, INC. | Business Analytics Platform | UNITED STATES |
| HOTJAR LTD. | Business Analytics Platform | UNITED STATES |
| GOOGLE CLOUD for Looker |
Business Analytics Platform | UNITED STATES |
| GOOGLE IRELAND LIMITED for Google analytics for DoubleClick |
Business Analytics Platform | UNITED STATES |
| CONTENTSQUARE | Tracking | France |
| AB TASTY | Tracking | France |
| CLOUDFLARE | Tracking | |
| TAPFILIATE | Tracking | |
| DRIFT.COM, INC. | Tracking | UNITED STATES |
| ANTVOICE | Tracking | France |
| ARTEFACT | Tracking | France |
| Tracking | UNITED STATES | |
| Tracking | UNITED STATES | |
| Tracking | UNITED STATES | |
| QUORA | Tracking | UNITED STATES |