Personal data protection policy

Last modified : February 6 2023

It is normal to place special emphasis on how your data is obtained, used and shared.

That is why this personal data protection policy (the “Policy”) has been created to help you understand the practices and conditions in which PrestaShop SA – a public limited company entered the Paris company and trade register under no. 497 916 635, having its offices at 198, avenue de France, 75013 Paris, (“PrestaShop”) gathers, uses and stores your personal data (the “Data”).

In this document you will find the various Data that we may collect and process or that you may provide to us when you access :

The abovementioned URLs are collectively referred to as the “Websites”.

Use of all the Websites is subject to this Policy.

It does not apply to information collected by any third party or through websites managed by the latter, including via applications and content (including advertisements) redirecting users to the Website.

Please read the Policy carefully to clearly understand our practices regarding the processing of your Data. Please be aware that you must agree to this Policy in order to view and/or use our Websites.

If you do not agree, please do not use our Websites.

ARTICLE 1 – DATA CONTROLLER

PrestaShop, acting as a data controller, within the meaning of the General Data Protection Regulation 2016/679 dated 27 April 2016 (“GDPR) and the amended “Informatique et Libertés” law of 6 January 1978 attaches great importance to the principle of personal data protection.

 

ARTICLE 2 – COLLECTED DATA

2.1 Personal Data

Depending on the nature and purpose of your interaction with PrestaShop (downloading the solution, creating a user account on the Forum, subscribing to one or more of the Newsletters, filling in the contact forms, as well as during possible telephone exchanges) we are likely to collect the following Data :

  • Data relating to your identity such as your name, first name, user category, e-mail address, may be requested ;
  • Data relating to navigation: this is Data relating to the way in which you use the Websites including : IP address, the browser used, the duration of navigation, the search history, the operating system used, the language and the pages viewed ;
  • Data relating to the use of social networks when you use their features ;
  • Business data such as turnover achieved ;
  • Financial Data ;
  • Telephone conversations.

 

2.2. Non-personal data 

You acknowledge and agree that the information intended for publication in the Forum that you provide (the “Contributions“) as well as your user name are public, any other user of the Forum may have access to it, even after unsubscribing or deleting your account. Consequently, the Contributions and the answers to them will not be subject to deletion.

In addition, you acknowledge that the following elements do not constitute personal data, and may not be subject to a request for modification or deletion :

  • Any data relating to a company, including but not limited to: a company telephone number, a company email address, a registered trademark, a company name, a link to a company web page or a company social network profile ;
  • Any technical or computer data, including but not limited to: the code and components of a module distributed under an open source license, computer formulas ;
  • Users’ contributions, provided that they are not identifiable, including but not limited to: the content of replies sent to other users on the Forum, messages opening a topic on the Forum.

 

ARTICLE 3 – COLLECTION PROCESS

Data can be collected in several ways on the Websites.

It may be collected directly when you communicate with us through user account creation and Newsletter subscription forms available on our Websites, when you download the solution and documentation available on the Websites, when you book training courses and when you notify us of illicit content.

Furthermore, we are likely to collect your Data when you use the various contact forms on the Websites and/or communicate with PrestaShop by telephone or email.

When you contact us via these various means, a copy of your conversation with PrestaShop, including email addresses, is created and archived.

You may also submit Contributions to us on our Websites for free access, or to other users or third parties. Your Contributions to the Websites are posted at your own risk. PrestaShop cannot control the actions of other users of the Websites with whom you share your Contributions. Thus, we cannot guarantee that your Data will not be viewed by unauthorized users. Requests to remove Contributions posted on the Websites should be sent to [email protected]. In some cases, Contributions may not be deleted. In such cases, you will be informed of the reason for the refusal.

PrestaShop also indirectly collects your Data through cookies and tracers. We invite you to read our Cookie Policy below, which is designed to help you better understand these technologies and how we use them on our Websites and in our services, applications and tools.

ARTICLE 4 – PURPOSES AND LEGAL BASIS

Purposes of the processing

Legal basis

Register on the Forum

Contractual commitment

Enable you to join the PrestaShop Lab

Contractual commitment

Enable you to join the PrestaShop Lab

Contractual commitment

Sign up for the Ambassador program

Contractual commitment

Enable you to subscribe to our services presented on the Websites

Contractual commitment

Enable you to contact us via the various contact channels available on the Websites and contact you afterwards (answer your support request, detail our offers, etc.)

Legitimate interest

 

We consider that we have a legitimate interest in answering the questions or consultations that you have raised through the different existing contact channels.

Enable us to randomly record some of our telephone conversations

Legitimate interest 

 

We consider that we have a legitimate interest in improving our services and for training purposes.

You can object to this recording by making the request during your telephone conversation as mentioned in the oral statement at the beginning of the conversation.

Enable you to contact us in order to advise you in your choice of partner agencies and/or to contact our partner agencies

Legitimate interest

 

We consider that we have a legitimate interest in responding to your requests for advice and ensuring the continuity of services by allowing you to contact our partner agencies.

Become a Partner Agency

Contractual commitment

Report illegal content

Legal obligation

Subscribe to newsletters about the PrestaShop solution and/or events organized or attended by PrestaShop and/or the official PrestaShop blog

Consent

Sign up for the Million Club

Contractual commitment

To enable you to exercise your rights in accordance with Article 9 of this Policy

Legal obligation

ARTICLE 5 – RECIPIENTS

5.1 PrestaShop collaborators

Your Data may be processed by the PrestaShop employees.

 

5.2 Third parties

In the course of our business, and for external processing purposes, your Data may be communicated to subcontractors, service providers or other third parties.

Your Data will also be communicated to the partner agency that you wished to contact when you fill in the contact form on the page dedicated to the latter on the Websites.

The data collected in the context of the use of the Websites is hosted by the company Bearstech – 122 rue Amelot – 75011 Paris.

The management of our email campaigns (Newsletters) carried out through the services of HubSpot, Inc. – 25 First Street, 2nd Floor – Cambridge, MA 02141 USA. The company is bound by a data processing agreement to respect the confidentiality of the Data and to use it only for the purposes for which we provide it to them.

In the context of the management of our various contact forms accessible on our Sites, your Data your Data may be processed by Typeform – Carrer Bac de Roda, 163, local, 08018 Barcelona (Spain).

As part of the management of the Million Club, your Data may be processed by Slack Technologies, LLC. – 500 Howard Street, San Francisco, CA 94105, United States of America.

When you submit your Data to us in order to be advised on the choice of your partner agency, your Data may also be processed by our subcontractor Active Contact – 2 Rue de Guinée, Tunis 1002, Tunisia.

In the context of the management of the exercise of your rights provided for in Article 9 of this Policy, your Data may be processed by Data Legal Drive – 120 rue Jean Jaures, 92300 Levallois-Perret, France.

The latter are bound by contractual obligations to maintain the confidentiality of the Data and to use it solely for the purposes for which we provide them.

 

5.3 Disclosure in case of transfer

Your Data may also be sent to any buyer or successor in the event of the merger, transfer, restructuring, reorganization, dissolution or other sale or transfer of some or all of PrestaShop’s assets due to uncertainties, bankruptcy, liquidation or other processes in which the Data of Users of PrestaShop’s various websites are listed among the transferred assets.

 

5.4 Legal disclosure

Lastly, we may also disclose your Data :

  • To comply with legal mandates, laws and legal procedures, including governmental and regulatory requests,
  • If we deem that disclosure is required or appropriate within the scope of protecting the rights, ownership or security of PrestaShop, our clients and other stakeholders. This disclosure includes exchanging information with other companies and organizations for the purpose of protecting against fraud and counterfeiting.

 

ARTICLE 6 – DATA TRANSFERS

As part of our PrestaShop Professional services, your Data may be communicated to GrowthRobotics – 500027 California California, US – USA.

As part of our ChatBot services, your Data may be transferred to Drift.com – 02116 Boston, MA – USA.

In the context of our email campaigns, your Data may be communicated to HubSpot – 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

As part of the management of the Million Club, your Data may be processed by Slack Technologies, LLC. – 500 Howard Street, San Francisco, CA 94105, United States of America.

As part of the management of our partner agency program, your Data may be communicated to our subcontractor Active Contact – 2 Rue de Guinée, Tunis 1002, Tunisia. Also, some of our partner agencies are based outside the European Union. Depending on the partner agency you choose, your Data may be transferred. All data transfers with our partner agencies based outside the European Union are strictly regulated by the signing of the European Commission’s standard contractual clauses and the implementation of additional safeguards.

The above-mentioned transfers of your Data outside the European Union are only carried out after appropriate safeguards have been put in place and are strictly regulated by our subcontractors signing the European Commission’s standard contractual clauses. These make it possible to ensure a level of protection and security in line with the applicable legislation on the protection of personal data.

By using the Websites, you accept that your Data may be transferred to these servers.

 

ARTICLE 7 – DATA STORAGE

PrestaShop only stores your Data for the period necessary for the purposes explained in Article 4.

This storage period varies according to the Data in question, as it may be affected by the nature and purpose of the collection. Similarly, certain legal obligations stipulate a specific storage period.

When you contact PrestaShop through the various contact forms, telephone numbers, your Data will be kept for three (3) years from the last exchange with PrestaShop and then deleted.

Telephone Recording Data for service improvement and training purposes is retained for one (1) year from the time of recording.

If you contact us to become a partner agency or a partner, your Data will be kept for the duration of the contract and for five (5) years from the end of the contractual relationship. Otherwise, it will be kept for three (3) years.

When you use the contact form to contact an agency, your Data will be kept for six (6) months and then archived for five (5) years as evidence of our contractual relationship with the agency. It will then be deleted.

When you comment on an agency, your Data will be retained for eighteen (18) months.

When you fill out the contact form to join the PrestaShop Lab, your Data will be kept for three (3) years. If you join the PrestaShop Lab program, your Data will be kept for the duration of your participation in the program. If you decide to end your participation, your Data will be retained for three (3) years and then deleted.

 

In the context of the Forum :

  • Your Login Data will be retained for one (1) year from each login.
  • Your User Account Information is retained for the duration of your registration and for two (2) years after you close your account.

 

When you wish to download one of our guides, and you have accepted or subscribed to our Websites’ Newsletters, your Data will be retained until you unsubscribe from them. If you have not agreed to receive our Newsletters in this form, your Data will be kept for two (2) years.

When you report illegal content to PrestaShop, the length of time we retain Data may vary depending on the infringement and the statute of limitations applicable to the infringement.

When you wish to promote your shop on our Websites, your Data will be kept for the duration of the promotion of your Websites, at this address /examples. It will be deleted at your request.

Where you exercise your rights under Article 9 of this Policy, your Data will be stored for a period of five (5) years and then deleted.

Finally, with respect to Data collected by means of cookies or tracers, it will be retained for the period indicated in the PrestaShop.com Cookie Policy below.

 

ARTICLE 8 – LIMITATION OF SERVICE

You may choose not to provide us with some of your Data. If you do so, the service we offer you may be affected.

You may browse the Websites without providing any Data. In this case, you will not be able to use certain features of the Websites and in particular, to download the PrestaShop solution and documentation, to register to the Forum, to the PrestaShop Lab, to the Ambassador program.

You may decide not to provide your email address in the various contact forms. In this case, you should know that you will not be able to get any answer from PrestaShop or from the partner agency you wish to contact.

In any case, you can access your Forum and PrestaShop Lab user accounts at any time to consult or update your Data.

You may decide not to receive the Newsletter. In this case, simply unsubscribe using the link in the email that sends you the Newsletter.

 

ARTICLE 9 – RIGHTS

9.1 Rights to your Data

In accordance with the provisions of the applicable regulations on the protection of personal data, in particular the European Regulation 2016/679 on Data Protection (hereinafter the “RGPD”) as well as the amended “Informatique et Libertés” law of 6 January 1978, we undertake to guarantee the exercise of your rights.

 

Regardless of the purpose or legal basis of the processing, you have :

  • right of access to the Data we hold about you,
  • right to rectify your Data that we already hold,
  • right to have your Data deleted,
  • right to limit the processing of your Data,
  • right to set out instructions on what to do with your Data in the event of your death.

 

If you have given us your consent to process your Data, you also have the right to withdraw that consent at any time. However, the withdrawal of consent does not render unlawful any processing already carried out on that legal basis.

If you have given us your consent to process your Data or the processing is based on contractual commitment, you have a right to the portability of your Data provided.

Finally, if the processing is based on the legitimate interest of PrestaShop, you have a right to object on legitimate grounds in accordance with Article 21 of the GDPR ; where the data is processed for the purpose of canvassing, you will not be required to provide grounds.

 

9.2 Exercising these rights 

You may exercise these rights by sending an email in English, French or Spanish to [email protected] or to the following address :

PrestaShop S.A – Complaints Department 

Personal Data 

4, rue Jules Lefebvre- 75009 Paris

We have a period of one month to respond to any request relating to the exercise of your rights from the date of receipt of the request. This period may be extended by two months, due to the complexity or excessive number of requests.

In accordance with Article 12.6 of the RGPD, to exercise these rights, PrestaShop, as the data controller, reserves the right to ask you to prove your identity. We inform you that the data allowing us to justify your identity will be deleted once we have answered your request.

Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), notably on its website www.cnil.fr.

 

ARTICLE 10 – SECURITY

Your Data is stored on secure servers protected by firewalls and antivirus software.

We have implemented technical and organizational measures intended to protect the security and confidentiality of your Data against any accidental loss and any unauthorized access, use, modification or disclosure.

Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.

We strive to protect your Data, but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk.

We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites.

As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your user account password confidential.

Never provide it to any third parties. Similarly, be careful when you share information in the public sections of the Websites as they can be viewed by all Websites users.

The Websites may contain links to various social network platforms managed on third party servers by people and organizations over which PrestaShop has no control.

As such, we cannot under any circumstances be held liable for the way in which your Data is stored or used on those third party servers.

We recommend that you read the applicable policy regarding personal Data protection for each third party Websites you access via our Websites in order to understand how your Data will be used.

 

ARTICLE 11 – REVISION OF THE POLICY

Given the constant evolution of laws and regulations regarding technology and the protection of personal data, it is likely that this Policy will be updated.

If you are a user of the Websites, you will be notified of any major changes by email.

If any provision of this Policy is found to be invalid or unlawful, it shall be deemed unwritten and shall not affect the validity of the remaining provisions of the Policy.


 

COOKIE POLICY

When you visit or use the Websites, PrestaShop and our partner service providers may use cookies and any other tracing/tracking/automatic data collection technologies to store information that can be used to offer you an improved, faster, more secure experience.

The purpose of this cookie policy is to help you better understand these technologies and how we use them.

 

What is a cookie?

Cookies are small text files (normally comprising letters and numbers) stored in the memory of your browser or device when you visit a Website or view a message.

They enable a Website to recognise the browser or device. Like most Websites, PrestaShop mostly uses technologies through little data files stored on your device which enable us to save certain information when you visit or use our Website.

There are several types of cookies:

– Session cookies: these expire when you close your browser and enable us to link your actions during this specific session.
– Persistent cookies: these are stored on your device between browser sessions and enable us to remember your preferences and actions on several websites.
– Proprietary cookies: these are issued by the website you are visiting.
– Third-party cookies: these are issued by a third party website separate from the website you are visiting.

 

Which cookies do we use?

Our cookies have various purposes. They may:

  1. Be required for our services to operate;
  2. Help us improve our performance;
  3. Offer you extra features;
  4. Help us offer you relevant, targeted advertising.

We use cookies and other similar tracking technology stored on your device only while your browser is open (session cookies), and cookies and other similar technology stored on your device for a longer period (persistent cookies).

  • Technical and Necessary cookies  

PrestaShop issues session cookies which are strictly necessary for the Websites’ correct operation and your browsing on them. These cookies do not require prior consent to be deposited on the terminal.

For more information on the use of the data collected, please consult the following page:

Cookie name

Cookie purpose

Lifespan

axeptio_cookies

Management of user consent for our websites.

12 months

axeptio_all_vendors

Management of user consent for our websites.

12 months

axeptio_authorized_vendors

Management of user consent for our websites.

12 months

Language

Contains the current language.

12 months

Session_id

Records the user session ID.

Identifies the http session of the user and its requests during a session.

Optional

Drupal.session_cache.smart_ip

Stores user location details based on their IP address. This data is only used to determine which regional variant of the site to display to users. The data is not permanently stored.

1 week

Drupal.session_cache.prestashop_prev_url

Used to restrict access to the confirmation page that is displayed after downloading the PrestaShop solution in the Download page.

1 week

has_js

Determines whether JavaScript is enabled for Drupal to perform operations that enhance the user experience.

End of browsing session

__cf_bm

Cloudflare’s bot products identify and mitigate automated traffic to protect your site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions.

30 min

ips4_IPSSessionFront

This cookie contains the ID of your current session.

End of browsing session

ips4_forum_view

This cookie is set for information about the appearance of the forum.

12 months

ips4_hasJS

This cookie is set by JavaScript and is read later to determine if JavaScript is supported by the user agent.

1 day

ips4_ipsTimezone

This cookie is set by JavaScript to detect the user’s local time zone so that the time can be automatically updated.

End of browsing session

  • Analytical cookies 

PrestaShop may use cookies or tracers to help it evaluate the performance of the Site, its applications, services and tools, particularly in the context of analytical practices, to help it understand how visitors use the Site, to detect whether you have consulted a product or link or to improve the content of its Site, applications, services or tools.

For more information on the use of the data collected, please consult the following page:

Cookie name

Cookie purpose

Lifespan

_ga

Enables unique visitors to be distinguished on a website by attributing a unique identifier to each visitor

13 months

_gid

Used to distinguish users

24 hours

_gat_UE-nnn

Assigns an identifier to each visitor to distinguish them.

End of browsing session

_cs_id

ContentSquare user ID.

13 months

_cs_mk

This cookie is used for the Google Analytics

30 minutes

_cs_s

This cookies contains the number of pages viewed in the current session for the ContentSquare tool

End of browsing session

_cs_vars

This cookie is used by ContentSquare to record personalized variables.

30 minutes

_cs_same_site

This cookie identifies the user.

End of browsing session

_cs_c

This cookie is used by ContentSquare to store the user’s consent to the collection of data.

13 months

  • Advertising and profiling cookies

Partner service providers are companies that help us with various parts of our business, such as operating the Websites, our services (e.g. chat tool), our advertising and our tools. These cookies require prior consent to be deposited on the terminal.

These partner service providers can also collect information enabling them to identify your device via our services (third-party cookies) and/or collect information enabling them to identify your device, such as your IP address and other unique identifiers.

Cookie name

Cookie purpose

Lifespan

test_cookie

Allows us to broadcast our advertising messages on the Google Network.

End of browsing session

_gcl_au

Allows us to broadcast our advertising messages on the Google Network.

3 months

av-mid

Unique AntVoice browser identifier

13 months

av-sess-id-380

Identifier of a browsing session on a specific site

30 mn

av-tp-adx

Technical cookie indicating the identity synchronisation status with the Google partner

2 days

av-tp-bsw

Technical cookie indicating the identity synchronisation status with the Bidswitch partner

2 days

av-tp-id-set

Technical cookie to validate that the browser accepts third party cookies

2 days

IR_PI

Partnership management

720 days

IR_17612

Partnership management

End of browsing session

IR_gbd

Partnership management

End of browsing session

floodlights DV360

This tag allows us to improve our conversion tracking.

1 year

analytics.js

This tracker allows the tracking of interactions between the user and the page.

1 year

  • Cookies or tracers allowing you to personalize your navigation

To provide you with a better user experience, PrestaShop uses the services of AB Tasty, Drift and Hubspot. These cookies require prior consent to be deposited on the terminal. For more information on the use of the data collected by these companies, we invite you to consult the following pages:

Cookie name

Cookie purpose

Lifespan

ABTasty

Information for A/B tests

13 months

ABTastySession

User session AB Testing

End of browsing session

ABTastyUTMB

Information for A/B test

Few minutes

hubspotutk

Allows authentication of visitors.

13 months

__hstc

Use for time stamping.

12 months

__hssc

This cookie keeps track of sessions. It is used to determine whether HubSpot should increase the session number and timestamp data.

30 minutes

__hssrc

This cookie is set to determine whether the visitor has reset their browser. In the absence of this cookie when HubSpot processes cookies, the session is considered new.

End of browsing session

drift_campaign_refresh

This is the session identifier token. It is used to tie the visitor on your website with a current website session within the Drift system.

30 minutes

drift_aid

This is the anonymous identifier token. It is used to tie the visitor on your website with the profile within the Drift system.

12 months

_hjSessionUser

This cookie keeps the Hotjar user ID, unique to this site, on the browser. This ensures that behaviour on subsequent visits to the same site is attributed to the same user ID.

12 months

_hjSession

This cookie contains the data of the current session. This means that subsequent requests in the session window will be attributed to the same Hotjar session.

30 minutes

__zlcmid

This cookie is used to provide a live customer chat service on our Site. This cookie allows you to continue chatting with us as you navigate through the various pages of our Site, or when you return to the Site.

12 months

  • Social network cookies

PrestaShop’s services may include third-party applications giving you the option of sharing content on social networks. These cookies require prior consent to be deposited on the terminal.

For more information about the utilisation of data collected by social networks, you may consult the following pages :

COOKIE NAME

COOKIE PURPOSE

LIFESPAN

_fbp

Encrypted Facebook ID and Browser ID

3 months

bscookie

Enables tracking of the use of integrated services.

12 hours

lang

Allows the storage of custom variables such as language.

End of the browsing session

lissc

Enables tracking of the use of integrated services.

12 months

lidc

Enables tracking of the use of integrated services.

24 hours

UserMatchHistory

Allows Linkedin to offer you targeted advertising.

2 months

personalization_id

Identifies visitors from Twitter

13 months

m-b

Identifies visitors from Quora

12 months

How do I manage cookie storage and consultation ?

Certain features of our Websites, services, applications and tools are made available to you only through the use of these cookies or trackers.

However, refusing to use these technologies may result in certain features of our services being unavailable.

For more information on blocking, deleting or disabling these technologies, please see your browser or device settings.

For third-party cookies, you can configure your browser settings to refuse all third-party cookies.