Personal data protection policy
Last modified : February 6 2023
It is normal to place special emphasis on how your data is obtained, used and shared.
That is why this personal data protection policy (the “Policy”) has been created to help you understand the practices and conditions in which PrestaShop SA – a public limited company entered the Paris company and trade register under no. 497 916 635, having its offices at 198, avenue de France, 75013 Paris, (“PrestaShop”) gathers, uses and stores your personal data (the “Data”).
In this document you will find the various Data that we may collect and process or that you may provide to us when you access :
- The https://prestashop.com website (the “Website”)
- The websites :
- https://www.prestashop.com/forums (the “Forum”),
- /prestashop-lab (the “PrestaShop Lab”),
- https://ambassadors.prestashop.com (the “Ambassador Program“).
- https://growth.prestashop.com
The abovementioned URLs are collectively referred to as the “Websites”.
Use of all the Websites is subject to this Policy.
It does not apply to information collected by any third party or through websites managed by the latter, including via applications and content (including advertisements) redirecting users to the Website.
Please read the Policy carefully to clearly understand our practices regarding the processing of your Data. Please be aware that you must agree to this Policy in order to view and/or use our Websites.
If you do not agree, please do not use our Websites.
ARTICLE 1 – DATA CONTROLLER
PrestaShop, acting as a data controller, within the meaning of the General Data Protection Regulation 2016/679 dated 27 April 2016 (“GDPR) and the amended “Informatique et Libertés” law of 6 January 1978 attaches great importance to the principle of personal data protection.
ARTICLE 2 – COLLECTED DATA
2.1 Personal Data
Depending on the nature and purpose of your interaction with PrestaShop (downloading the solution, creating a user account on the Forum, subscribing to one or more of the Newsletters, filling in the contact forms, as well as during possible telephone exchanges) we are likely to collect the following Data :
- Data relating to your identity such as your name, first name, user category, e-mail address, may be requested ;
- Data relating to navigation: this is Data relating to the way in which you use the Websites including : IP address, the browser used, the duration of navigation, the search history, the operating system used, the language and the pages viewed ;
- Data relating to the use of social networks when you use their features ;
- Business data such as turnover achieved ;
- Financial Data ;
- Telephone conversations.
2.2. Non-personal data
You acknowledge and agree that the information intended for publication in the Forum that you provide (the “Contributions“) as well as your user name are public, any other user of the Forum may have access to it, even after unsubscribing or deleting your account. Consequently, the Contributions and the answers to them will not be subject to deletion.
In addition, you acknowledge that the following elements do not constitute personal data, and may not be subject to a request for modification or deletion :
- Any data relating to a company, including but not limited to: a company telephone number, a company email address, a registered trademark, a company name, a link to a company web page or a company social network profile ;
- Any technical or computer data, including but not limited to: the code and components of a module distributed under an open source license, computer formulas ;
- Users’ contributions, provided that they are not identifiable, including but not limited to: the content of replies sent to other users on the Forum, messages opening a topic on the Forum.
ARTICLE 3 – COLLECTION PROCESS
Data can be collected in several ways on the Websites.
It may be collected directly when you communicate with us through user account creation and Newsletter subscription forms available on our Websites, when you download the solution and documentation available on the Websites, when you book training courses and when you notify us of illicit content.
Furthermore, we are likely to collect your Data when you use the various contact forms on the Websites and/or communicate with PrestaShop by telephone or email.
When you contact us via these various means, a copy of your conversation with PrestaShop, including email addresses, is created and archived.
You may also submit Contributions to us on our Websites for free access, or to other users or third parties. Your Contributions to the Websites are posted at your own risk. PrestaShop cannot control the actions of other users of the Websites with whom you share your Contributions. Thus, we cannot guarantee that your Data will not be viewed by unauthorized users. Requests to remove Contributions posted on the Websites should be sent to [email protected]. In some cases, Contributions may not be deleted. In such cases, you will be informed of the reason for the refusal.
PrestaShop also indirectly collects your Data through cookies and tracers. We invite you to read our Cookie Policy below, which is designed to help you better understand these technologies and how we use them on our Websites and in our services, applications and tools.
ARTICLE 4 – PURPOSES AND LEGAL BASIS
ARTICLE 5 – RECIPIENTS
5.1 PrestaShop collaborators
Your Data may be processed by the PrestaShop employees.
5.2 Third parties
In the course of our business, and for external processing purposes, your Data may be communicated to subcontractors, service providers or other third parties.
Your Data will also be communicated to the partner agency that you wished to contact when you fill in the contact form on the page dedicated to the latter on the Websites.
The data collected in the context of the use of the Websites is hosted by the company Bearstech – 122 rue Amelot – 75011 Paris.
The management of our email campaigns (Newsletters) carried out through the services of HubSpot, Inc. – 25 First Street, 2nd Floor – Cambridge, MA 02141 USA. The company is bound by a data processing agreement to respect the confidentiality of the Data and to use it only for the purposes for which we provide it to them.
In the context of the management of our various contact forms accessible on our Sites, your Data your Data may be processed by Typeform – Carrer Bac de Roda, 163, local, 08018 Barcelona (Spain).
As part of the management of the Million Club, your Data may be processed by Slack Technologies, LLC. – 500 Howard Street, San Francisco, CA 94105, United States of America.
When you submit your Data to us in order to be advised on the choice of your partner agency, your Data may also be processed by our subcontractor Active Contact – 2 Rue de Guinée, Tunis 1002, Tunisia.
In the context of the management of the exercise of your rights provided for in Article 9 of this Policy, your Data may be processed by Data Legal Drive – 120 rue Jean Jaures, 92300 Levallois-Perret, France.
The latter are bound by contractual obligations to maintain the confidentiality of the Data and to use it solely for the purposes for which we provide them.
5.3 Disclosure in case of transfer
Your Data may also be sent to any buyer or successor in the event of the merger, transfer, restructuring, reorganization, dissolution or other sale or transfer of some or all of PrestaShop’s assets due to uncertainties, bankruptcy, liquidation or other processes in which the Data of Users of PrestaShop’s various websites are listed among the transferred assets.
5.4 Legal disclosure
Lastly, we may also disclose your Data :
- To comply with legal mandates, laws and legal procedures, including governmental and regulatory requests,
- If we deem that disclosure is required or appropriate within the scope of protecting the rights, ownership or security of PrestaShop, our clients and other stakeholders. This disclosure includes exchanging information with other companies and organizations for the purpose of protecting against fraud and counterfeiting.
ARTICLE 6 – DATA TRANSFERS
As part of our PrestaShop Professional services, your Data may be communicated to GrowthRobotics – 500027 California California, US – USA.
As part of our ChatBot services, your Data may be transferred to Drift.com – 02116 Boston, MA – USA.
In the context of our email campaigns, your Data may be communicated to HubSpot – 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.
As part of the management of the Million Club, your Data may be processed by Slack Technologies, LLC. – 500 Howard Street, San Francisco, CA 94105, United States of America.
As part of the management of our partner agency program, your Data may be communicated to our subcontractor Active Contact – 2 Rue de Guinée, Tunis 1002, Tunisia. Also, some of our partner agencies are based outside the European Union. Depending on the partner agency you choose, your Data may be transferred. All data transfers with our partner agencies based outside the European Union are strictly regulated by the signing of the European Commission’s standard contractual clauses and the implementation of additional safeguards.
The above-mentioned transfers of your Data outside the European Union are only carried out after appropriate safeguards have been put in place and are strictly regulated by our subcontractors signing the European Commission’s standard contractual clauses. These make it possible to ensure a level of protection and security in line with the applicable legislation on the protection of personal data.
By using the Websites, you accept that your Data may be transferred to these servers.
ARTICLE 7 – DATA STORAGE
PrestaShop only stores your Data for the period necessary for the purposes explained in Article 4.
This storage period varies according to the Data in question, as it may be affected by the nature and purpose of the collection. Similarly, certain legal obligations stipulate a specific storage period.
When you contact PrestaShop through the various contact forms, telephone numbers, your Data will be kept for three (3) years from the last exchange with PrestaShop and then deleted.
Telephone Recording Data for service improvement and training purposes is retained for one (1) year from the time of recording.
If you contact us to become a partner agency or a partner, your Data will be kept for the duration of the contract and for five (5) years from the end of the contractual relationship. Otherwise, it will be kept for three (3) years.
When you use the contact form to contact an agency, your Data will be kept for six (6) months and then archived for five (5) years as evidence of our contractual relationship with the agency. It will then be deleted.
When you comment on an agency, your Data will be retained for eighteen (18) months.
When you fill out the contact form to join the PrestaShop Lab, your Data will be kept for three (3) years. If you join the PrestaShop Lab program, your Data will be kept for the duration of your participation in the program. If you decide to end your participation, your Data will be retained for three (3) years and then deleted.
In the context of the Forum :
- Your Login Data will be retained for one (1) year from each login.
- Your User Account Information is retained for the duration of your registration and for two (2) years after you close your account.
When you wish to download one of our guides, and you have accepted or subscribed to our Websites’ Newsletters, your Data will be retained until you unsubscribe from them. If you have not agreed to receive our Newsletters in this form, your Data will be kept for two (2) years.
When you report illegal content to PrestaShop, the length of time we retain Data may vary depending on the infringement and the statute of limitations applicable to the infringement.
When you wish to promote your shop on our Websites, your Data will be kept for the duration of the promotion of your Websites, at this address /examples. It will be deleted at your request.
Where you exercise your rights under Article 9 of this Policy, your Data will be stored for a period of five (5) years and then deleted.
Finally, with respect to Data collected by means of cookies or tracers, it will be retained for the period indicated in the PrestaShop.com Cookie Policy below.
ARTICLE 8 – LIMITATION OF SERVICE
You may choose not to provide us with some of your Data. If you do so, the service we offer you may be affected.
You may browse the Websites without providing any Data. In this case, you will not be able to use certain features of the Websites and in particular, to download the PrestaShop solution and documentation, to register to the Forum, to the PrestaShop Lab, to the Ambassador program.
You may decide not to provide your email address in the various contact forms. In this case, you should know that you will not be able to get any answer from PrestaShop or from the partner agency you wish to contact.
In any case, you can access your Forum and PrestaShop Lab user accounts at any time to consult or update your Data.
You may decide not to receive the Newsletter. In this case, simply unsubscribe using the link in the email that sends you the Newsletter.
ARTICLE 9 – RIGHTS
9.1 Rights to your Data
In accordance with the provisions of the applicable regulations on the protection of personal data, in particular the European Regulation 2016/679 on Data Protection (hereinafter the “RGPD”) as well as the amended “Informatique et Libertés” law of 6 January 1978, we undertake to guarantee the exercise of your rights.
Regardless of the purpose or legal basis of the processing, you have :
- A right of access to the Data we hold about you,
- A right to rectify your Data that we already hold,
- A right to have your Data deleted,
- A right to limit the processing of your Data,
- A right to set out instructions on what to do with your Data in the event of your death.
If you have given us your consent to process your Data, you also have the right to withdraw that consent at any time. However, the withdrawal of consent does not render unlawful any processing already carried out on that legal basis.
If you have given us your consent to process your Data or the processing is based on contractual commitment, you have a right to the portability of your Data provided.
Finally, if the processing is based on the legitimate interest of PrestaShop, you have a right to object on legitimate grounds in accordance with Article 21 of the GDPR ; where the data is processed for the purpose of canvassing, you will not be required to provide grounds.
9.2 Exercising these rights
You may exercise these rights by sending an email in English, French or Spanish to [email protected] or to the following address :
PrestaShop S.A – Complaints Department
Personal Data
4, rue Jules Lefebvre- 75009 Paris
We have a period of one month to respond to any request relating to the exercise of your rights from the date of receipt of the request. This period may be extended by two months, due to the complexity or excessive number of requests.
In accordance with Article 12.6 of the RGPD, to exercise these rights, PrestaShop, as the data controller, reserves the right to ask you to prove your identity. We inform you that the data allowing us to justify your identity will be deleted once we have answered your request.
Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), notably on its website www.cnil.fr.
ARTICLE 10 – SECURITY
Your Data is stored on secure servers protected by firewalls and antivirus software.
We have implemented technical and organizational measures intended to protect the security and confidentiality of your Data against any accidental loss and any unauthorized access, use, modification or disclosure.
Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.
We strive to protect your Data, but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk.
We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites.
As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your user account password confidential.
Never provide it to any third parties. Similarly, be careful when you share information in the public sections of the Websites as they can be viewed by all Websites users.
The Websites may contain links to various social network platforms managed on third party servers by people and organizations over which PrestaShop has no control.
As such, we cannot under any circumstances be held liable for the way in which your Data is stored or used on those third party servers.
We recommend that you read the applicable policy regarding personal Data protection for each third party Websites you access via our Websites in order to understand how your Data will be used.
ARTICLE 11 – REVISION OF THE POLICY
Given the constant evolution of laws and regulations regarding technology and the protection of personal data, it is likely that this Policy will be updated.
If you are a user of the Websites, you will be notified of any major changes by email.
If any provision of this Policy is found to be invalid or unlawful, it shall be deemed unwritten and shall not affect the validity of the remaining provisions of the Policy.
COOKIE POLICY
When you visit or use the Websites, PrestaShop and our partner service providers may use cookies and any other tracing/tracking/automatic data collection technologies to store information that can be used to offer you an improved, faster, more secure experience.
The purpose of this cookie policy is to help you better understand these technologies and how we use them.
What is a cookie?
Cookies are small text files (normally comprising letters and numbers) stored in the memory of your browser or device when you visit a Website or view a message.
They enable a Website to recognise the browser or device. Like most Websites, PrestaShop mostly uses technologies through little data files stored on your device which enable us to save certain information when you visit or use our Website.
There are several types of cookies:
– Session cookies: these expire when you close your browser and enable us to link your actions during this specific session.
– Persistent cookies: these are stored on your device between browser sessions and enable us to remember your preferences and actions on several websites.
– Proprietary cookies: these are issued by the website you are visiting.
– Third-party cookies: these are issued by a third party website separate from the website you are visiting.
Which cookies do we use?
Our cookies have various purposes. They may:
- Be required for our services to operate;
- Help us improve our performance;
- Offer you extra features;
- Help us offer you relevant, targeted advertising.
We use cookies and other similar tracking technology stored on your device only while your browser is open (session cookies), and cookies and other similar technology stored on your device for a longer period (persistent cookies).
- Technical and Necessary cookies
PrestaShop issues session cookies which are strictly necessary for the Websites’ correct operation and your browsing on them. These cookies do not require prior consent to be deposited on the terminal.
For more information on the use of the data collected, please consult the following page:
- Analytical cookies
PrestaShop may use cookies or tracers to help it evaluate the performance of the Site, its applications, services and tools, particularly in the context of analytical practices, to help it understand how visitors use the Site, to detect whether you have consulted a product or link or to improve the content of its Site, applications, services or tools.
For more information on the use of the data collected, please consult the following page:
- Advertising and profiling cookies
Partner service providers are companies that help us with various parts of our business, such as operating the Websites, our services (e.g. chat tool), our advertising and our tools. These cookies require prior consent to be deposited on the terminal.
These partner service providers can also collect information enabling them to identify your device via our services (third-party cookies) and/or collect information enabling them to identify your device, such as your IP address and other unique identifiers.
- Cookies or tracers allowing you to personalize your navigation
To provide you with a better user experience, PrestaShop uses the services of AB Tasty, Drift and Hubspot. These cookies require prior consent to be deposited on the terminal. For more information on the use of the data collected by these companies, we invite you to consult the following pages:
- Social network cookies
PrestaShop’s services may include third-party applications giving you the option of sharing content on social networks. These cookies require prior consent to be deposited on the terminal.
For more information about the utilisation of data collected by social networks, you may consult the following pages :
How do I manage cookie storage and consultation ?
Certain features of our Websites, services, applications and tools are made available to you only through the use of these cookies or trackers.
However, refusing to use these technologies may result in certain features of our services being unavailable.
For more information on blocking, deleting or disabling these technologies, please see your browser or device settings.
For third-party cookies, you can configure your browser settings to refuse all third-party cookies.
- For Google Chrome, visit this link.
- For Mozilla Firefox, visit this link.
- For Microsoft Edge, visit this link.
- For Opera, follow this link.
- For Internet Explorer, follow this link.
- For Apple Safari, see this link.