PERSONAL DATA PROTECTION POLICY FOR PRESTASHOP DOWNLOAD
INTRODUCTION
It is normal to place special emphasis on how your data is obtained, used and shared.
That is why this personal data protection policy (the “Policy”) has been created to help you understand the practices and conditions in which PrestaShop SA (a public limited company entered on the Paris company and trade register under no. 497 916 635, having its offices at 4, rue Jules Lefebvre, 75009, Paris, (“PrestaShop”) gathers, uses and stores your personal data (the “Data”).
In this document you will find the various Data that we may collect and process or that you may provide to us when you download and use the PrestaShop software (the “Solution”) that enables you to create e-commerce websites (the “Merchant Website”). The latter can be personalised by installing Modules and Themes offered on the official marketplace, which can be accessed at http://addons.prestashop.com (the “PrestaShop Addons”) or displayed by default in the Merchant Website Back Office.
Some PrestaShop official Partners identified as such on PrestaShop Addons (the “Partners”) offer third party services that can be used by User who, when required, downloads the interface giving access to those services (the “Connectors”) on PrestaShop Addons or directly via their Back Office.
Use of the Solution is subject to this Policy.
Given that laws and regulations on technology and personal data protection are constantly evolving, this Policy is likely to be updated.
If any of the clauses in this Policy should be declared null and void or contrary to regulations, that clause will be deemed nugatory, but will not result in any other clauses in this Policy becoming null and void.
This Policy applies to Data collected during the User’s use of the Solution.
It does not apply to information collected by any third party or through websites managed by the latter, including via applications and content (including advertisements) redirecting users to https://www.prestashop.com where they can download the Solution.
Please read the Policy carefully to clearly understand our practices regarding the processing of your Data. Please be aware that you must agree to this Policy in order to view and/or use our Websites.
If you do not agree, please do not use our Solution.
You are responsible for ensuring any Data provided to PrestaShop is complete and up to date.
1. WHAT DATA DOES PRESTASHOP COLLECT?
Depending on the nature and purpose of your interaction with PrestaShop, namely downloading and using the Solution, we may collect the following Data:
-
Data collected from the PrestaShop Solution download form
Type of data |
Data details |
Identity’s data |
Email address |
-
Data collected from the PrestaShop Solution installer form
Type of data |
Data details |
Identity’s data |
Email address |
Last name |
|
Name |
|
Phone number |
|
Language |
|
Country |
|
Merchant Website’s data |
Business sector |
Statistical data on merchant Website activity |
|
Connection data |
IP address |
Server address |
|
Name of the server |
|
Database identifier |
|
Table prefixes |
|
Data base |
-
Data collected from the PrestaShop Checkout account creation form from the Back-Office
Type of data |
Data details |
Identity’s data |
Email adress |
Surname |
|
Name |
|
Nationality |
|
Business phone number |
|
Language |
|
Country |
|
Merchant Website data |
Website name |
Company address |
|
Business sector |
|
Statistical data on merchant Website activity |
|
Connection data |
Website URL |
2. HOW IS MY DATA COLLECTED?
Data can be collected through forms when you download the Solution, create your Merchant Website or you creates a PrestaShop Checkout account.
3. WHY IS MY DATA COLLECTED?
The collect and processing of your data must be justified and comply with one of the principles laid down in the European Data Protection Regulation.
The collect of yours data may be necessary:
- It has been the subject of your consent ;
- to respect our contractual commitments ;
- to comply with the laws and regulations in force ;
- for PrestaShop's legitimate interest in order to develop its activity in order to improve its products and services.
-
Purposes and legal bases justifying the processing of your data collected on the PrestaShop Solution download form
Purposes |
Data |
Legal bases |
Downloading the Solution Creating your user account |
Identity’s data (mail) |
Contractual commitments (GTU) |
PrestaShop business prospecting |
Consent |
|
Data transfer to PrestaShop partners whose Addons you download for commercial prospecting purposes |
Consent |
-
Purposes and legal bases justifying the processing of your data collected on the PrestaShop Solution installer form
Purposes |
Data |
Legal bases |
Creating your user account |
Identity’s data Merchant Website’s data Connection data |
Contractual commitments (GTU) |
Personalization of the Merchant Website |
Merchant Website’s data |
Contractual commitments (GTU) |
Support |
Identity’s data Merchant Website’s data Connection data |
Contractual commitments (GTU) |
Statistics analysis |
Merchant Website’s data |
Legitimate interest |
Improve the Solution |
Merchant Website’s data |
Legitimate interest |
-
Purposes and legal bases justifying the processing of your data collected on the PrestaShop Checkout creation account form
Purposes |
Data |
Legal bases |
Creating your user account |
Identity’s data Merchant Website’s data Connection data |
Contractual commitments (GTU) |
Downloading and using of PrestaShop Checkout Connector |
||
Improved Checkout Support | ||
PrestaShop Checkout Support |
Identification data Data related to the merchant website |
Contractual commitments (CGU) |
Direct marketing of PrestaShop’s products and services |
Identity’s data (mail) |
Legitimate interest: Pursuant to the recommendations of the CNIL (French Data Protection Authority) concerning B2B direct marketing, you may receive direct marketing emails. You may object to this processing at any time, via the data collection form or directly from the links in the emails you receive. |
Management Partner relationship | Identity data |
Legitimate interest: Your data are transferred to our partner PayPal, with which you will need to create an account and accept the GTU (or log into your existing PayPal account) in order to use the PrestaShop Checkout service. |
4. WHO PROCESSES MY DATA?
-
Internal processing of your data
Your Data are processed by PrestaShop employees tasked with managing the Solution.
In addition to our PrestaShop teams, your Data may be sent to PrestaShop Inc., a subsidiary of PrestaShop SA, whose offices are located at 80 SW, 8th Street, Suite 2000, Miami, FL 33130.
-
Processing of your data by our Partners whose Module or Connector you are downloading
Your Data (Connector download date, email, phone number if provided, your website URL, and your full name) will be provided to our Partners so (i) we can track the partnership concluded with PrestaShop and (ii) to allow them to send personalised offers to Users.
The latter are bound by contractual obligations to maintain the confidentiality of the Data and to use it solely for the purposes for which we provide them.
-
External processing of your data
Your Data may also, within the scope of our business and for external processing needs, be provided to subcontractors, service providers and other third parties, particularly for hosting your Data.
Your Data may also be sent to any buyer or successor in the event of the merger, transfer, restructuring, reorganisation, dissolution or other sale or transfer of some or all of PrestaShop’s assets due to uncertainties, bankruptcy, liquidation or other processes in which the Data of Users of PrestaShop’s various websites is listed among the transferred assets.
Lastly, we may also disclose your Data:
- To comply with legal mandates, laws and legal procedures, including governmental and regulatory requests.
- If we deem that disclosure is required or appropriate within the scope of protecting the rights, ownership or security of PrestaShop, our clients and other stakeholders. This disclosure includes exchanging information with other companies and organisations for the purpose of protecting against fraud and counterfeiting.
5. HOW LONG IS MY DATA STORED FOR?
PrestaShop only stores your Data for the period necessary for the purposes explained in Article 3.
This storage period varies according to the Data in question, as it may be affected by the nature and purpose of the collection. Similarly, certain legal obligations stipulate a specific storage period.
Data is stored for the full duration of your Solution use. Your Data then will be stored for five (5) years from the date our contractual relationship ends.
After that time, they may be anonymised and stored for statistical purposes only.
6. HOW IS MY DATA PROTECTED?
Your Data is stored on secure servers protected by firewalls and antivirus software.
We have implemented technical and organisational measures intended to protect the security and confidentiality of your Data against any accidental loss and any unauthorised access, use, modification or disclosure.
Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.
We strive to protect your Data , but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk.
We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites.
As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your Merchant Website back-office password confidential.
Never provide it to any third parties. Similarly, be careful when you share information in the public sections of the Website as they can be viewed by all Website users.
7. WHAT ARE MY RIGHTS?
You can choose how the Data you provide is used:
- It is optional to provide your full name; you may choose not to enter it. In that case, you cannot personalise your Merchant Website with Modules, Themes and Connectors.
- You can decide not to provide your email address in the Solution download form. However, please be aware that you cannot download the Solution or create a Merchant Website in this case.
- You can decide to no longer receive personalised offers from our Partners. In this case, you will be able to oppose to their solicitation by all means made available by them.
You can decide to no longer receive personalised offers from PrestaShop. You can unsubscribe through a link provided in the email.
- Your IP address must be collected to secure your Merchant Website back-office connection.
In any case, you can access your Merchant Website back-office at any time to view and update your Data.
In accordance with the provisions of the applicable regulations regarding personal data protection, namely the European General Data Protection Regulation 2016/679 (the “GDPR”) and the French Data Protection Act no. 78-17 of 6 January 1978 and its amendments, you have the right to access and correct your Data.
You also have the right to stipulate directives relating to the fate of your Data in the event of your death.
Furthermore, subject to the conditions of the aforementioned regulation for exercising your rights, you have:
- The right to erasure of your Data.
- The right to limit processing of your Data.
- The right to object to the processing of your Data on legitimate grounds, in accordance with article 21 of the GDPR.
- The right to portability for the Data you have provided.
- The right to withdraw consent, when it has been asked.
When processing of your Data has occurred based on your consent, you may withdraw that consent at any time. However, you acknowledge that any processing that occurred before your consent was withdrawn remains entirely valid.
You also have the right to object, without providing a reason, to PrestaShop profiling you based on your Data, when content or communications are sent for commercial solicitation.
However, in accordance with Article 12.6 of the GDPR, when you exercise these rights, PrestaShop, as the controller, reserves the right to require proof of your identity. Please be aware that the data required to prove your identity will be deleted once we have responded to your request.
You can exercise your rights by sending an email in French, English or Spanish to privacy@prestashop.com or writing to:
PrestaShop S.A – Service Réclamation
Données Personnelles
12, rue d’Amsterdam, 75009 Paris, France.
We are required to reply within one (1) month to all requests regarding the exercising of these rights. This timeframe may be extended to two (2) months for complex requests and large request volumes.
Lastly, you also have the right to lodge a complaint with CNIL (the French National Commission for Information Technology and Civil Liberties), namely via its website at www.cnil.fr.
8. DOES PRESTASHOP TRANSFER MY DATA OUTSIDE THE EUROPEAN UNION?
-
Hosting
Data collected within the scope of Solution use are hosted by Jaguar Network, 71 avenue André Roussin, BP 50067, 13321 Marseille, Cedex 16, France, whose servers are located in the European Union, Canada, and the United States. As such, your Data may be transferred outside of the European Union, to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.
By using the Solution, you agree to your Data being transferred to those servers.
-
PrestaShop Checkout Support
As part of the management of the PrestaShop Checkout solution, your data may be transferred to our processors located outside the EU.
Your data may also be transmitted to our subcontractor Active Contact Center - 2 rue de Guinée, 1002, Tunis, Tunisia so that the latter can provide the level 1 assistance services included in the Service. We have signed a contract with them to control the transfer and processing of your data.
Your data may be processed by Google when you use the following solutions:
- Google Cloud Endpoints: your data will only be kept for 30 seconds
- Google Cloud Memorystore for Redis API: your data may be stored for up to 15 days
- Cloud Storage: Redis and Compute Engine backup tool; your data may be stored for up to one year
- Cloud SQL
- Compute Engine API: only your identity data will be stored
- Cloud Datastore API
- Stackdriver Logging API: your data may be stored for up to 30 days.
Google is a member of Privacy Shield, which the CNIL considers as equivalent protection to the GDPR. You can learn more about Google’s customer data management here.
Likewise, data processing may also be performed by Sentry Software, also a member of Privacy Shield, which the CNIL considers as equivalent protection to the GDPR. You can learn more about Sentry’s data management here.
- Management of PrestaShop Partners
Lastly, within the scope of managing the partnership with our Partners, PrestaShop will provide the Data (Connector download date, email address, phone number if provided, your website URL, and your full name) of our Users who have downloaded the Connectors enabling them to use Partner services.
By downloading the Connectors, you agree to your Data being transferred to the aforementioned Partners.
The latter are bound by contractual obligations to protect and maintain the confidentiality of the Data and to use them solely for the purposes for which we provide them.
9. WHICH COOKIES ARE INTEGRATED INTO PRESTASHOP SOFTWARE?
When downloading and using PrestaShop software, cookies have been integrated to ensure the proper functioning of your website. These cookies are necessary.
Cookies used to ensure the functioning of the Back Office:
- Prestashop-<hash>
(hash is a unique identification number to each shop of the type PrestaShop-e21862e60cb58f40ff6789b8bbc85a18 type)
Storage: 20 days
Objective: Remember information about the current employee, such as language, workshop context, preferences, etc.
- last_position
Storage: 1 week
Objective: Store the last position in the file manager
- username_addons
Storage: the duration of the session
Objective: Retain identification information to connect to the Addons market.
- password_addons
Storage: the duration of the session
Objective: Retain identification information to connect to the Addons market.
- is_contributor :
Conservation: the duration of the session.
Objective: Retain identification information to connect to the Addons market.
- PHPSESSID :
Conservation : the duration of the session
Objective : PHP fonctionnality to keep the connection status.
Cookies used to ensure the functioning of the Front Office:
- Prestashop-<hash>
Conservation: 20 days
Objective: To memorize information about the customer such as language, shopping cart, customer account, etc.
- Notice
Conservation: the duration of the session
Objective: Display notifications after the redirection.
Cookies used to ensure operation during an update:
- employee_id
Conservation: the duration of the session
Objective: Remember the employee's ID when upgrading.
- iso_code
Conservation: the duration of the session
Objective: Memorize the language chosen during the upgrade.
- autoupgrade
Conservation: the duration of the session.
Objective: Remember the connected user during the upgrade.
- PHPSESSID
Conservation : the duration of the session
Objective : PHP fonctionnality to keep the connection status