PERSONAL DATA PROTECTION POLICY
PrestaShop, Hosted offer
ARTICLE 1 – For what purposes and on what basis do we collect your Personal Data?
ARTICLE 2 – Who are the recipients of your Personal Data?
ARTICLE 3 – How long is your Personal Data kept??
ARTICLE 4 – Comment Do we keep your Personal Data secure?
ARTICLE 5 – Does PrestaShop transfer my Personal Data outside the European Union?
ARTICLE 6 – What are your rights ?
ARTICLE 7 – How do we use “cookies” and other tracking technologies?
ANNEX 1 – Cookies policy
ANNEX 2 – List of our subcontractors
This Personal Data Protection Policy (hereinafter the “Policy”) has been drawn up to enable you to become aware of the conditions under which PrestaShop collects and processes your personal data (hereinafter “Personal Data” or “Data”) as part of your use of the PrestaShop, Hosted offer.
This Policy is aimed at users of the PrestaShop, Hosted offer.
We thank you for reading the Policy carefully in order to clearly understand our practices regarding the processing of your Personal Data and inform you that the consultation and use of our services are subject to this Policy. If you do not agree with this Policy, we invite you not to use our services.
ARTICLE 1 – For what purposes and on what basis do we collect your Personal Data?
As part of the PrestaShop, Hosted offer, we are required to collect and process:
- personal information about you: that you provide to us: about you, your business and/or members of your staff or other person related to your business
(Last name, first name, name of your employees, name of your company, email address, telephone number, VAT number, etc.) - personal information about your customers: We collect and use personal data about your customers as part of the PrestaShop, Hosted offer. In this context, we are considered a Data Processor of the personal data concerned. This information is management speak personal data subcontracting contract.
PrestaShop may collect your Personal Data for the following purposes:
| Purposes | Legal basis |
|---|---|
| Providing our services → account creation, use of our services, providing assistance and support services, providing assistance, invoice management, dispute management, etc. |
Contractual commitments → General conditions of our services |
| Ensure and improve our services → ensure the proper functioning of our services, test additional features or services |
Legitimate interest → Analysis and improvement of services |
| Evaluate and analyze performance | Legitimate interest → Analysis and improvement of services |
| Communicate with you → management of requests for information and comments, responding to your contact requests, advising you, communicating modifications and updates, alerting you in the event of security incidents, etc |
Legitimate interest → We consider that we have a legitimate interest in responding to the questions or consultations that you have raised via the various existing contact channels. |
| Marketing → Commercial prospecting, newsletters, etc. |
Legitimate interest → In accordance with CNIL recommendations regarding B2B commercial prospecting, you may receive commercial communications for similar products or services. You can object to this processing at any time, using the collection form or directly in the emails received. |
| Ensuring the security of our services → Fraud detection and prevention, information system security, etc. |
Legitimate interest → Ensure the security of our services |
| Meet our legal requirements → Respond to requests from authorities, comply with laws and regulations, Respond to requests to exercise rights mentioned in article 6 of this Policy |
Legal obligations |
ARTICLE 2 – Who are the recipients of your Personal Data?
- Processing of your Personal Data by PrestaShop employees
PrestaShop employees are required to process your Personal Data.
- Processing of your Data personal by our Partners official
As part of monitoring the management of the partnership with its official Partners, PrestaShop communicates the Data (date of download of the Connector, email address, telephone number if it has been provided, url of your website, first and last name) of its users who have downloaded the Connectors allowing them to use the services of their official Partners or users who have subscribed to the PrestaShop, Hosted offer.
Your Personal Data is communicated in order to:
(i) to enable us to monitor the management of the partnership concluded with PrestaShop,
(ii) to allow you to register for the Official Partner Service and,
(iii) to allow them to offer you personalized commercial offers unless you object.
By downloading the Connectors, you therefore agree that your Data will be transferred to said official Partners.
By subscribing to our PrestaShop, Hosted offer, you agree that your Personal Data will be transferred to Integrated Partners.
The latter are obliged by contractual obligations to respect the confidentiality of your Personal Data and to use it only for the purposes for which we transmit it to them.
- Processing of your Personal Data by Subcontractors
As part of our activity, and for external processing purposes, your Data may be communicated to subcontractors.
The latter are obliged, by a Data subcontracting contract, to respect the confidentiality of the Data and to use it only for the purposes for which we transmit it to them. In addition, transfers of Personal Data outside the European Union are subject to the signature of Standard Contractual Clauses with these.
Consult the complete list of our Subcontractorsin appendix 2.
- Processing of your Data for legal purposes
We may also disclose your Data:
– to comply with any legal mandate, law or legal process, including governmental and regulatory requests;
– if we believe that disclosure is necessary or appropriate to protect the rights, property or safety of PrestaShop, its customers or other stakeholders. Such disclosure includes exchanging information with other companies and organizations for the purposes of protection against fraud and counterfeiting.
– Your Data may be transmitted to any buyer or other successor in the event of a merger, assignment, restructuring, reorganization, dissolution or other sale or transfer of part or all of the assets of PrestaShop due to uncertainties or bankruptcy, liquidation or other processes in which User Data from the various PrestaShop sites are among the assets transferred.
ARTICLE 3 – How long is your Personal Data kept?
PrestaShop only keeps your Data for the duration necessary for the purposes as described in article 2.
This retention period is not the same depending on the Personal Data in question, the nature and purpose of the collection being likely to cause this duration to vary. Likewise, certain legal obligations impose a specific retention period.
Finally, we keep some of your Data for longer if necessary, for legitimate business purposes or if the law requires us to do so (whether for security purposes, financial data archiving, or fraud prevention and abuses).
ARTICLE 4 – Comment Do we keep your Personal Data secure?
We take the security of our information systems and the Personal Data we process to heart.
Thus, we implement all appropriate technical and organizational measures to guarantee a level of security of our processing adapted to the risk and ensure the confidentiality of the Personal Data that we collect.
Your Data is stored on secure servers and protected by firewalls and antiviruses.
Although we strive to protect your Personal Data, we cannot guarantee the absolute security of the exchange of information on the Internet. As such, you agree that the security of your information is also your responsibility. For example, it is your responsibility to keep secret the password allowing you to access your User account.
ARTICLE 5 – Does PrestaShop transfer my Personal Data outside the European Union?
In accordance with article 3 above, Data may be transmitted to our official Partners and/or Subcontractors located outside the European Union. In this case, PrestaShop makes every effort to ensure the security of Data passing outside the European Union, in particular by signing the Standard contractual clauses.
ARTICLE 6 – What are your rights?
In accordance with the provisions of the applicable Data protection regulations, in particular European Regulation 2016/679 on Data protection, you have a right of access and a right of rectification to your Data. You also have the right to define directives relating to the fate of your Data in the event of death.
In addition, subject to the conditions provided for by the GDPR for the exercise of these rights, you benefit from:
- A right to erasure of your Data;
- A right to limit the processing of your Data;
- A right to object to the processing of your Data for legitimate reasons, in accordance with Article 21 of the GDPR;
- A right to portability of the Data you have provided;
- When the processing of your Data is carried out on the basis of your consent, you can withdraw it at any time. You acknowledge, however, that processing carried out before the revocation of your consent remains perfectly valid.
In accordance with article 12.6 of the GDPR, for the exercise of these rights, PrestaShop, as Data Controller, reserves the right to ask you to prove your identity. We inform you that the Data used to prove your identity will be deleted once we have responded to your request.
You can exercise these rights by sending an email in French, English or Spanish to [email protected] or to the following address:
PrestaShop S.A
Legal Department
198 Av. de France, 75013 Paris
We have one month to respond to any request relating to the exercise of your rights. This deadline may be extended by two months due to complexity or too many requests.
Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), in particular on its website www.cnil.fr.
ARTICLE 7 – How do we use “cookies” and other tracking technologies?
We use cookies and similar tracking technologies on our website and when providing our services. To obtain and view more information on how we use these technologies as well as an explanation of how you can opt out of certain types of cookies, please visit our Cookies policy (in appendix 1).
To note :
Given the constant evolution of laws and regulations regarding technology and Data protection, the Policy may be regularly updated. If you are a user of our services, we invite you to regularly consult this page. In addition, you will be informed of substantial modifications by email. Substantial modifications are considered to be modifications relating to the main characteristics of the processing of Personal Data (addition of new purposes, etc.).
If one of the clauses of the Policy were to be declared void or contrary to the regulations, it will be deemed unwritten, but will not result in the nullity of the other clauses of the Policy.
It does not apply to Personal Data collected by any third parties or through sites managed by them; including through applications or redirecting the user to theService.
ANNEX 1 – Cookies policy
When you visit or use our services, PrestaShop or its partner service providers may use cookies or other Data tracking technologies to store information to provide you with an improved, faster and more secure experience.
This Policy is intended for all users with a PrestaShop account, but also for users who have subscribed to the PrestaShop, Hosted offer.
This cookie policy aims to help you better understand these technologies and our use of them.
1. What is a cookie?
Cookies are small text files (most often consisting of letters and numbers), stored in the memory of your browser or device when you visit a website or view a message.
They allow a website to recognize the browser or device. Like most websites, PrestaShop uses technologies, mostly through small Data files stored on your device that allow us to record certain information when you visit or use our Site.
There are several types of cookies:
- Session cookies: they expire as soon as the browser is closed and allow us to link your actions during this particular session,
- Persistent cookies: they are stored on your device between browsing sessions and allow us to remember your preferences or actions on several sites,
- Proprietary cookies: they are issued by the site you are visiting,
- Third-party cookies: they are issued by a third-party site, separate from the site you are visiting.
2. What types of cookies do we use?
Our cookies have different functions. They can :
- Be necessary for the operation of our services,
- Help us improve our performance,
- Offer you additional features,
- Help us provide you with relevant and targeted advertising.
We use cookies or other similar tracking technologies that remain on your device only while your browser is open (session cookies), and cookies or other similar technologies that remain on your device for a longer period of time (cookies persistent).
| Cookie placed by | Name | Category | Description | Lifetime |
|---|---|---|---|---|
| Hotjar | _hjSessionUser | Analytic | This cookie keeps the Hotjar user ID, unique for this site, on the browser. This ensures that behavior on subsequent visits to the same site will be attributed to the same user ID | 12 months |
| _hjSession | Analytic | This cookie contains data from the current session. This means that subsequent requests in the session window will be assigned to the same Hotjar session | 30 minutes | |
| Google Analytics | _ga | Analytic | This cookie allows us to broadcast our advertising messages on the Google network | 13 months |
| _gat_UA-nnn | Analytic | This cookie assigns an identifier to each visitor to distinguish them | Browsing Session | |
| _gid | Analytic | This cookie allows us to broadcast our advertising messages on the Google network | 24 hours | |
| ContentSquare | _cs_id | Analytic | This cookie contains an anonymous ContentSquare user ID | 13 months |
| _cs_s | Analytic | This cookie contains the number of pages viewed in the current session for the ContentSquare tool | 30 minutes | |
| _cs_mk | Analytic | This cookie is used for integration with Google Analytics | 03 minutes | |
| _cs_vars | Analytic | This cookie is used by ContentSquare to create analysis variables | Browsing session | |
| _cs_c | Analytic | This cookie is used by ContentSquare to save the user’s consent to data collection | 13 months | |
| _cs_same_site | Analytic | This cookie allows the user to be identified via a unique identifier | Browsing session | |
| AB Tasty | ABTasty | Analytic | Information for A/B tests | 13 months |
| ABTastySession | Analytic | AB Testing user session | Browsing session | |
| ABTastyDomainTest | Analytic | Information for A/B tests | A few minutes | |
| Cloudflare | __cf_bm | Technical and necessary | This cookie is necessary for bot protection | 30 min |
| Tapfiliate | tap_vid | Analytic | This cookie is used to track conversions from our affiliate partners | 45 days |
| Hubspot | hubspotutk | Analytic | Allows visitor authentication | 13 months |
| __hstc | Analytic | Use for timestamp | 12 months | |
| __hssc | Analytic | This cookie tracks sessions. It is used to determine whether HubSpot should increase the session number and timestamp data in the __hstc cookie | 30 min | |
| __hssrc | Analytic | This cookie is set to determine whether the visitor has reset their browser. In the absence of this cookie when HubSpot processes cookies, the session is considered new | End of session | |
| Drift | drift_campaign_refresh | Analytic | This is the session ID token. It is used to link your website visitor to a current website session in the Drift system | 30 minutes |
| DoubleClik
|
test_cookie | Advertising | Allows us to broadcast our advertising messages on the Google network | Browsing session |
| _gcl_au | Advertising | Allows us to broadcast our advertising messages on the Google network | 3 months | |
| AntVoice | av-mid | Advertising | unique AntVoice browser identifier | 13 months |
| av-sess-id-380 | Advertising | identifier of a browsing session on a specific site | 30 min | |
| av-tp-adx | Advertising | Technical cookie indicating the identity synchronization status with the Google partner | 2 days | |
| av-tp-bsw | Advertising | Technical cookie indicating the identity synchronization status with the Bidswitch partner | 2 days | |
| av-tp-id-set | Advertising | technical cookie to validate that the browser accepts third party cookies | 2 days | |
| Artefact | floodlights DV360 | Advertising | This tag allows us to improve our conversion tracking | 1 year |
| Segment | analytics.js | Analytic | This tracker allows the tracking of interactions between the user and the page | 1 year |
| _fbp | Social networks | Encrypted Facebook ID and Browser ID | 3 months | |
| bscookie | Social networks | Allows you to track usage of integrated services | 12 hours | |
| lang | Social networks | Allows you to store custom variables such as language | Browsing session | |
| lissc | Social networks | Allows you to track usage of integrated services | 12 months | |
| lidc | Social networks | Allows you to track usage of integrated services | 24 hours | |
| UserMatchHistory | Social networks | Allows Linkedin to offer you targeted advertisements | 2 months | |
| personalization_id | Social networks | Identifies visitors from Twitter | 13 months | |
| Quora | m-b | Social networks | Identifies visitors from Quora | 12 months |
| PrestaShop via Drupal | Language | Technical and necessary | Contains the current language of the site | 1 year |
| Session_id | Technical and necessary | Used to limit access to the confirmation page which is displayed after downloading the PrestaShop solution in the Download page | 7 days | |
| Drupal.session_cache.smart_ip | Technical and necessary | Stores user location details based on their IP address. This data is only used to determine which regional variant of the site to display to users. The data is not stored permanently | 7 days | |
| Drupal.session_cache.prestashop_prev_url | Technical and necessary | Records user session IDs. Identifies the user’s http session and a user’s requests during a session | Optional | |
| has_js | Technical and necessary | Determines whether JavaScript is enabled so that Drupal performs user experience-enhancing operations | Browsing session |
To obtain more information on the cookies used, we invite you to consult the following pages:
- Hotjar Privacy Policy
- Google Services Privacy Policy
- ContentSquare Privacy Policy
- AB Tasty Privacy Policy
- Cloudflare Privacy Policy
- Tapfiliate Privacy Policy
- Hubspot Privacy Policy
- Drift Privacy Policy
- AntVoice Privacy Policy
- Artefact privacy policy
- Privacy Policy Segment
- Facebook Privacy Policy
- Linkedin Privacy Policy
- Twitter Privacy Policy
- Quora Privacy Policy
3. How to manage the deposit and reading of cookies?
Certain features of our sites, services, applications and tools are made available to you only through these cookies or trackers.
However, refusing to use these technologies may result in the unavailability of certain features of our services.
For more information on blocking, removing or disabling these technologies, see your browser or device settings.
For third-party cookies, you can configure your browser settings to refuse all third-party cookies.
- For Google Chrome, see this link.
- For Mozilla Firefox, see this link.
- For Microsoft Edge, see this link.
- For Opera, see this link.
- For Internet Explorer, see this link.
- For Apple Safari, see this link.
ANNEX 2 – List of our subcontractors
| Subcontractors | Services provided | Country of head |
|---|---|---|
| THINK | Hosting the store of merchants who have subscribed to the PrestaShop, Hosted offer | France |
| GOOGLE CLOUD PLATFORM | Hosting of data relating to the provision of our services | United States |
| MONGODB, INC. | Storage of databases for the entire hosting service | United States |
| CHARGEBEE INC. | Subscription invoicing tool necessary for the use of our PrestaShop Metrics Service as well as for RBM Modules | United States |
| STRIPE, INC. | Managing recurring payments | Ireland |
| USERFLOW INC. | Merchant onboarding | United States |
| ATLASSIAN
for Jira |
Ticket management software | United States |
| ZENDESK INC. | Support | United States |
| ACTIVE CONTACT | Support | Tunisia |
| inverted | Support | Lithuania |
| SIFAST | Support | Tunisia |
| VOCALCOM
for Hermes360 |
Business telephony solution | France |
| AIRCALL SAS | Business telephony solution | France |
| SENDSAFELY INC. | Support | United States |
| GURU TECHNOLOGIES, INC. | Support | United States |
| ZOHO CORPORATION PVT. LTD. | Support | United States |
| HUBSPOT, INC. | Our customer relationship management tool. | United States |
| FUNCTIONAL SOFTWARE, INC.
via sentry.io |
Bug finding software | United States |
| MIXPANEL INC. | Business Analytics Platform | United States |
| SEGMENT.IO, INC. | Business Analytics Platform | United States |
| MIXPANEL, INC. | Business Analytics Platform | United States |
| HOTJAR LTD. | Business Analytics Platform | United States |
| GOOGLE CLOUD
for Looker |
Business Analytics Platform | United States |
| GOOGLE IRELAND LIMITED
for Google analytics |
Business Analytics Platform | United States |
| CONTENTSQUARE | Tracking | France |
| AB TASTY | Tracking | France |
| CLOUDFLARE | Tracking | |
| TAPFILIATE | Tracking | |
| DRIFT.COM, INC. | Tracking | United States |
| ANTVOICE | Tracking | France |
| ARTEFACT | Tracking | France |
| Tracking | United States | |
| Tracking | United States | |
| Tracking | United States | |
| QUORA | Tracking | United States |