PRIVACY POLICY  PRESTASHOP ACCOUNT

INTRODUCTION : 

 

It is normal to place special emphasis on how your data is obtained, used and shared.

 

That is why this personal data protection policy (the “Policy”) has been created to help you understand the practices and conditions in which PrestaShop SA (a public limited company entered on the Paris company and trade register under no. 497 916 635, having its offices at 4, rue Jules Lefebvre, 75009, Paris, (“PrestaShop”) gathers, uses and stores your personal data (the “Data”).

 

Here you will find the various Data that we may collect and process or that you may transmit to us when you access the site https://prestashop.com (hereinafter the "Site") and the site https://addons.prestashop.com/fr (hereinafter the "Marketplace"). 

 

Use of the PrestaShop Account and Services are subject to this Policy.

 

Given that laws and regulations on technology and personal data protection are constantly evolving, this Policy is likely to be updated.

 

If any of the clauses in this Policy should be declared null and void or contrary to regulations, that clause will be deemed nugatory, but will not result in any other clauses in this Policy becoming null and void.

 

This Policy applies to Data collected through collection forms that allow : 

• Allow you to create a PrestaShop Account;
• Allow you to download and use the PrestaShop Checkout service;
• Allow you to download and use the PrestaShop Metrics Free service and PrestaShop Metrics Paid service;
• Allow you to download and use the PrestaShop Facebook service;
• Allow you to download and use the PrestaShop Marketing service;
• Send you commercial prospecting.

 

It does not apply to information collected by any third party or through websites managed by the latter, including via applications and content (including advertisements) redirecting users to https://www.prestashop.com where they can download the Solution.

 

Please read the Policy carefully to clearly understand our practices regarding the processing of your Data. Please be aware that you must agree to this Policy in order to view and/or use our Websites.

 

If you do not agree, please do not use PrestaShop Account and Services.

 

You are responsible for ensuring any Data provided to PrestaShop is complete and up to date.  

 

ARTICLE 1 - WHAT ARE THE COLLECTED DATA BY PRESTASHOP ?

Depending on the nature and purpose of your interaction with PrestaShop, we may collect the Data listed below.

 

• Data and legal bases justifying PrestaShop Account collected form 

 

Type of Data
Contact data (email address)
Connection data (IP )
Professional data (URL of the Merchant Site)
Store merchant data (PrestaShop version of the store; Server version, PHP; Theme used (and its version); Modules used (and their versions), distinguishing between enabled and disabled modules; Shop languages (with main language) and currencies

 

• Data collected from the PrestaShop Checkout account creation form from the Back-Office

 

Type of Data

Identity’s data

Merchant Website data

Connection data

Contact data (e-mail)

 

• Data collected from the PrestaShop Metrics account creation form from the Back-Office

Type of data

Connection data (PrestaShop Account data; Merchant ID and URL and email address of the merchant))

Transaction data

Google Analytics login data ((d google analytics account; username google analytics; token authentication (access token/refresh token) ; id webproerty ; name webperty ; id profile (view) ; name profile (view); sessions by date ; session by channel ; sessions total, user by date ; user total)

 

• Data collected from the PrestaShop Facebook account creation form from the Back-Office

Type of data

Connection data (Merchant Site URL, PS Account login details, Customer ID)

Transaction data (data relating to transactions carried out by the Merchant's customers)

External identification data (Merchant association ID between Prestashop and Facebook), Business Manager ID, Catalog ID, Page IDs, Pixel ID, Ad account ID, Profile IDs, Instagram profile ID)

 

• Data collected from the PrestaShop Marketing account creation form from the Back-Office

Type of data

Connection data (Merchant Site URL, PS Account login details, Customer ID)

Transaction data (data relating to transactions carried out by the Merchant's customers)

Google Account data  (ID Google Merchant Center, ID Google ads; token authentication (access token/refresh token)

 

ARTICLE 2 - HOW IS MY DATA COLLECTED?

 

Data may be collected in different ways on the Sites. 

 

It may be collected directly when you provide it to us through the user account creation forms. 

 

PrestaShop also collects indirectly your Data by means of cookies/trackers. 

We invite you to read our Cookies Policy on our website prestashop.com, intended to help you better understand these technologies and the use we make of them on our Site and within the framework of our services, applications and tools.

We collect and use your Data : 

• To present our Sites and their contents to you,
• To provide PrestaShop services (creation of a PrestaShop Account, access to the PrestaShop Metrics Free and Paid Services, PrestaShop Checkout, PrestaShop Facebook and PrestaShop Marketing); 
• To provide support ;
• To allow us to contact you and/or to be contacted by our partners. 

 

ARTICLE 3 - WHY IS YOUR DATA COLLECTED?

 

The process of your Data by PrestaShop may be necessary for the following reasons:  

• to permit Prestashop to respect our contractual commitments ;
• to comply with the laws and regulations in force ;
• for PrestaShop's legitimate interest (develop its activity or improve its products and services)

Furthermore, some of your personal data can only be collected when you consent to their processing.

 

• Purposes and legal basis justifying the collection of data for the creation and use of the PrestaShop Account

Type of data	Purposes	Legal bases
Contact data (email address)	Your email address may be collected and used to enable us to manage the contractual relationship.	Contractual commitment (T&Cs)
	This data may also be used for marketing purposes to offer you similar PrestaShop products or services, if you have not objected.	Legitimate interest
Connection data (IP )	Management of the contractual relationship	Contractual commitment (T&Cs)
Professional data (URL of the Merchant Site)	The collection of this data is necessary to link your PrestaShop Account to your Merchant Site.	Contractual commitment (T&Cs)
Store merchant data	Knowledge of the user and improvement of the PrestaShop Solution	Consent

 

• Purposes and legal basis justifying the collection of data for the creation and use of PrestaShop Checkout Services

Type of data	Purposes	Legal bases
Identity’s data	Management of the contractual relationship and management of invoicing	Contractual commitment (T&Cs)
	Your data is transferred to our partner Paypal, with whom you must create an account and accept the TOS in order to use the PrestaShop Checkout service.	Contractual commitment (T&Cs)
Merchant Website data	Necessary data to allow the installation of the Connector on the Merchant's Site.	Contractual commitment (T&Cs)
Connection data	Necessary data to allow the installation of the Connector on the Merchant's Site	Contractual commitment (T&Cs)
Contact data (e-mail address)	Management of the contractual relationship and management of invoicing	Legitimate interest In accordance with the recommendations of the CNIL on B to B commercial canvassing, you are likely to receive commercial canvassing for similar products or services. You may object to this treatment at any time from the collection form or directly in the emails received.

 

• Purposes and legal basis justifying the collection of data for the creation and use of PrestaShop Metrics services

 

Type of data	Purposes	Legal bases
Login data	This data are collected in order to allow PrestaShop to manage the contractual relationship with the merchant and to allow the merchant to access and configure the PrestaShop Metrics Service on its Merchant Site.	Contractual commitment (T&Cs)
Transaction data	These data are necessary to allow the Merchant to benefit from PrestaShop Metrics statistical analyses on sales and orders, directly accessible in the Back-office of the Merchant Site.	Contractual commitment (T&Cs)
Bank data	These data are necessary to allow the Merchant to benefit from PrestaShop Metrics statistical analyses on sales and orders, directly accessible in the Back-office of the Merchant Site.	Contractual commitment (T&Cs)
Google Analytics data	Allow PrestaShop to collect and use the data collected via the Merchant's Google Analytics account. The Merchant will then fully use the PrestaShop Metrics Service, completed with sessions and users statistics from is Google Analyics account, directly accessible in his PrestaShop dashboard.	Contractual commitment (T&Cs)

 

• Purposes and legal basis justifying the collection of data for the creation and use of PrestaShop Facebook services

 

Type of data	Purposes	Legal bases
Login data	Necessary data to allow the installation of the PrestaShop Facebook connector on the Merchant's Site	Contractual commitment (T&Cs)
Transaction data	These data are necessary to allow the Merchant to benefit from PrestaShop Facebook statistical analyses on sales and orders, directly accessible in the Back-office of the Merchant Site.	Contractual commitment (T&Cs)
External data connection	To allow access to the data collected via the merchant's Facebook accounts in order to collect them and allow the merchant a more efficient statistics service in the back office of its Merchant Site.	Contractual commitment (T&Cs)

 

• Purposes and legal basis justifying the collection of data for the creation and use of PrestaShop Marketing services

 

Type of data	Purposes	Legal bases
Login data	Necessary data to allow the installation of the PrestaShop Marketing connector on the Merchant's Site	Contractual commitment (T&Cs)
Transaction data	These data are necessary to allow the Merchant to benefit from PrestaShop Facebook statistical analyses on sales and orders, directly accessible in the Back-office of the Merchant Site.	Contractual commitment (T&Cs)
Google Merchant Center and Google Ads account login data	To allow access to the data collected via the merchant's Google accounts in order to collect them and allow the merchant a more efficient statistics service in the back office of its Merchant Site.	Contractual commitment (T&Cs)

 

 

ARTICLE 4 - WHO PROCESSES MY DATA?
 

• Internal processing of your data 

 

Your Data are processed by PrestaShop employees tasked with managing :

• the Site;

• the training sessions; 

• the partnerships with agencies;

• the Legal department

 

Your Data may also be sent to any buyer or successor in the event of the merger, transfer, restructuring, reorganisation, dissolution or other sale or transfer of some or all of PrestaShop’s assets due to uncertainties, bankruptcy, liquidation or other processes in which the Data of Users of PrestaShop’s various websites is listed among the transferred assets.

 

• Processing of your data by our Partners whose Module or Connector you are downloading

 

Your Data will be provided to our Partners so (i) we can track the partnership concluded with PrestaShop and (ii) to allow them to send personalized offers to Users. The latter are bound by contractual obligations to maintain the confidentiality of the Data and to use it solely for the purposes for which we provide them.

 

As part of PrestaShop Checkout, your data can be transferred to our partner Paypal Inc. located in the United States. This transfer is necessary to allow you to benefit from their services. 

 

• External processing of your data

 

Your Data may also, within the scope of our business and for external processing needs, be provided to subcontractors, service providers and other third parties, particularly for hosting your Data.

 

Thus, the management of our emailing campaigns (Newsletters) carried out through the services of the company HubSpot, Inc. - 25 First Street, 2nd Floor - Cambridge, MA 02141 USA. The latter are obliged, by a personal data subcontracting contract, to respect the confidentiality of the Data and to use them only for the purposes for which we transmit them. 

 

Likewise, the support services offered to Users of the Services are managed by Zendesk software. Your data is thus communicated to the company Zendesk Inc. - 1019 Market Street, San Bruno, CA 94103, USA. The latter are obliged, by a personal data subcontracting contract, to respect the confidentiality of the Data and to use it only for the purposes for which we transmit it to them.

 

PrestaShop also uses the "Jira" software, published by Atlassian - 341 George Street - Sydney, NSW, 2000 - Australia" to ensure the ticketing system allowing to transmit the Users' requests to the support teams. The software is hosted internally on our Google server in the Netherlands, which ensures a sufficient and adequate level of protection with regard to the applicable legislation on personal data protection.

 

PrestaShop uses Freshdesk software, published by Freshworks Inc, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403. The Data Processing Agreement between PrestaShop and Freshworks Inc. provides that no Personal Data shall be transferred outside the European Union. Where required, Freshworks Inc. undertakes to take all necessary steps to ensure a level of protection and security in accordance with applicable data protection legislation. 

 

The Data collected within the framework of the use of the PrestaShop Account Service is hosted by the company Google Cloud whose servers are located in the European Union, in Belgium and Germany. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.

The European Commission's standard contractual clauses have been signed with our subcontractors in this context. These standard contractual clauses make it possible to ensure a level of protection and security in line with the applicable legislation on the protection of personal data.

 

Similarly, data processing may be carried out by Sentry Software. The latter are bound by a contract on the processing of personal data to respect the confidentiality of the Data and to use them only for the purposes for which we transmit them. You can read more about Sentry's data management here.

 

• PrestaShop Checkout Service 

 

As part of the management of the PrestaShop Checkout solution, your data may be transferred to our processors located outside the EU.

 

Data collected within the scope of PrestaShop Checkout use are hosted by Jaguar Network, 71 avenue André Roussin, BP 50067, 13321 Marseille, Cedex 16, France, whose servers are located in the European Union, Canada and the United States. As such, your Data may be transferred outside of the European Union, to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them. 

 

Your data may also be transmitted to our subcontractor Active Contact Center - 2 rue de Guinée, 1002, Tunis, Tunisia so that the latter can provide the level 1 assistance services included in the Service. We have signed a contract with them to control the transfer and processing of your data.

 

Your data may be processed by Google when you use the following solutions:

•  Google Cloud Endpoints: your data will only be kept for 30 seconds
• Google Cloud Memorystore for Redis API: your data may be stored for up to 15 days
• Cloud Storage: Redis and Compute Engine backup tool; your data may be stored for up to one year
• Cloud SQL
• Compute Engine API: only your identity data will be stored 
• Cloud Datastore API
• Stackdriver Logging API: your data may be stored for up to 30 days.

Google is a member of Privacy Shield, which the CNIL considers as equivalent protection to the GDPR. You can learn more about Google’s customer data management here.

 

You can learn more about Sentry’s data management here.

 

Within the framework of the PrestaShop Checkout Services, PrestaShop uses the company "Active Contact - 2, rue de Guinée, 1002 Tunis - Tunisia" to provide level 1 support for Users. A data processing contract between PrestaShop and this subcontractor ensures a level of protection and security in accordance with the applicable legislation on the protection of personal data. As required by the applicable legislation, the transfer of Data outside the European Union is also governed by standard contractual clauses.

 

• PrestaShop Metrics Services 

 

Within the framework of the management of the PrestaShop Metrics Free Service and PrestaShop Metrics Paid Service, your data may be transferred to our subcontractors, some of which are located outside the EU.

 

The Data collected within the framework of the use of the PrestaShop Metrics Service are located in the United States. A data processing contract between PrestaShop and this subcontractor ensures a level of protection and security in accordance with the applicable legislation on the protection of personal data. As required by the applicable legislation, the transfer of Data outside the European Union is also governed by standard contractual clauses.

 

The Data collected within the framework of the use of the PrestaShop Metrics Service is hosted by the company Google Inc. whose servers are located in the European Union, Canada and the United States.  As a result, your Data may be transferred outside the European Union to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them. 

 

• PrestaShop Facebook Services

 

Within the framework of the management of the PrestaShop Facebook Service, your data may be transferred to our subcontractors, some of which are located outside the EU.

 

The Data collected within the framework of the use of the PrestaShop Facebook Service are hosted by the company Google Inc. whose servers are located on the territory of the European Union, in Canada and in the United States.  As a result, your Data may be transferred outside the European Union, to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.

 

• PrestaShop Marketing Services

 

Within the framework of the management of the PrestaShop Facebook Service, your data may be transferred to our subcontractors, some of which are located outside the EU.

 

The Data collected within the framework of the use of the PrestaShop Facebook Service are hosted by the company Google Inc. whose servers are located on the territory of the European Union, in Canada and in the United States.  As a result, your Data may be transferred outside the European Union, to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.

 

• Transfer of your data to the authorities to comply with our legal obligations

 

Lastly, we may also disclose your Data:

• To comply with legal mandates, laws and legal procedures, including governmental and regulatory requests.
• If we deem that disclosure is required or appropriate within the scope of protecting the rights, ownership or security of PrestaShop, our clients and other stakeholders. This disclosure includes exchanging information with other companies and organisations for the purpose of protecting against fraud and counterfeiting.

PrestaShop Marketing with Google Services

Within the framework of the management of the PrestaShop Marketing with Google Service, your data may be transferred to our subcontractors, some of which are located outside the EU.

The Data collected within the framework of the use of the PrestaShop Marketing with Google Service are hosted by the company Google Inc. whose servers are located on the territory of the European Union, in Canada and in the United States.  As a result, your Data may be transferred outside the European Union, to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.

 

 

 ARTICLE 5 - HOW LONG IS MY DATA STORED FOR?

 

PrestaShop only stores your Data for the period necessary for the purposes. This storage period varies according to the Data in question, as it may be affected by the nature and purpose of the collection. Similarly, certain legal obligations stipulate a specific storage period.

 

• Retention period for Data collected from the PrestaShop Account form

 

The User's IP address collected after registration to the PrestaShop Account Service is kept for 30 days and then deleted. The data is kept for the duration necessary for the management of the contractual relationship. As of the User's unsubscription, the data is kept for 3 months and then archived. 

 

• Retention period of the data collected from the PrestaShop Checkout Service usage form 

 

The Data collected at the end of the registration to the PrestaShop Checkout Service are kept for the duration necessary to manage the contractual relationship. As from the User's unsubscription, the data are kept 3 years and then anonymized for analysis purposes. 

 

• Retention period of the data collected from the PrestaShop Facebook Services usage form

 

The Data collected at the end of the registration to the PrestaShop Facebook are kept for the duration necessary to manage the contractual relationship. As of the User's unsubscription, the data is kept for 3 months and then archived. 

 

• Retention period of the data collected from the PrestaShop Marketing Services usage form

 

The Data collected at the end of the registration to the PrestaShop Marketing Services are kept for the duration necessary to manage the contractual relationship. As of the User's unsubscription, the data is kept for 3 months and then archived. 

 

ARTICLE 6 - HOW IS MY DATA PROTECTED?

 

Your Data is stored on secure servers protected by firewalls and antivirus software.

 

We have implemented technical and organisational measures intended to protect the security and confidentiality of your Data against any accidental loss and any unauthorised access, use, modification or disclosure.

 

Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.

 

We strive to protect your Data , but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk. 

 

We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites.                                                                                        

 

As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your Merchant Website back-office password confidential.

 

Never provide it to any third parties. Similarly, be careful when you share information in the public sections of the Website as they can be viewed by all Website users.

 

ARTICLE 7 - WHAT ARE MY RIGHTS?

 

You can choose how the Data you provide is used :

• You can decide not to provide your email address in the PrestaShop Account form. However, please be aware that you cannot use PrestaShop Account and Services in this case.
• You can decide to no longer receive personalised offers from our Partners. In this case, you will be able to oppose to their solicitation by all means made available by them.
• You can decide to no longer receive personalised offers from PrestaShop. You can unsubscribe through a link provided in the email.
• Your IP address must be collected to secure your Merchant Website back-office connection.

 

In any case, you can access your Merchant Website back-office at any time to view and update your Data.

 

In accordance with the provisions of the applicable regulations regarding personal data protection, namely the European General Data Protection Regulation 2016/679 (the “GDPR”) and the French Data Protection Act no. 78-17 of 6 January 1978 and its amendments, you have the right to access and correct your Data.

 

 You also have the right to stipulate directives relating to the fate of your Data in the event of your death.

 

Furthermore, subject to the conditions of the aforementioned regulation for exercising your rights, you have:

•  The right to erasure of your Data.

 

• The right to limit processing of your Data.

 

• The right to object to the processing of your Data on legitimate grounds, in accordance with article 21 of the GDPR.

 

•  The right to portability for the Data you have provided.

 

• The right to withdraw consent, when it has been asked.

 

When processing of your Data has occurred based on your consent, you may withdraw that consent at any time. However, you acknowledge that any processing that occurred before your consent was withdrawn remains entirely valid.

 

You also have the right to object, without providing a reason, to PrestaShop profiling you based on your Data, when content or communications are sent for commercial solicitation.

 

However, in accordance with Article 12.6 of the GDPR, when you exercise these rights, PrestaShop, as the controller, reserves the right to require proof of your identity. Please be aware that the data required to prove your identity will be deleted once we have responded to your request.

 

You can exercise your rights by sending an email in French, English or Spanish to [email protected] or writing to:

PrestaShop S.A – Service Réclamation

Données Personnelles

4, rue Jules Lefebvre, 75009 Paris, France.

 

We are required to reply within one (1) month to all requests regarding the exercising of these rights. This timeframe may be extended to two (2) months for complex requests and large request volumes.

 

Lastly, you also have the right to lodge a complaint with CNIL (the French National Commission for Information Technology and Civil Liberties), namely via its website at www.cnil.fr.

 

ARTICLE 7 - DOES PRESTASHOP TRANSFER MY DATA OUTSIDE THE EUROPEAN UNION? 

 

In accordance with Article 4 above, data may be transmitted to our partners and/or subcontractors located outside the European Union. In this case, PrestaShop makes every effort to ensure the security of the Data which transits outside the European Union (standard contractual clauses, countries having protection measures considered as equivalent, BCR...).