PRIVACY POLICY PRESTASHOP ACCOUNT
Effective 09/09/2020
INTRODUCTION :
It is normal to place special emphasis on how your data is obtained, used and shared.
That is why this personal data protection policy (the “Policy”) has been created to help you understand the practices and conditions in which PrestaShop SA (a public limited company entered on the Paris company and trade register under no. 497 916 635, having its offices at 12, rue d’Amsterdam, 75009, Paris, (“PrestaShop”) gathers, uses and stores your personal data (the “Data”).
Here you will find the various Data that we may collect and process or that you may transmit to us when you access the site https://prestashop.com (hereinafter the "Site") and the site https://addons.prestashop.com/fr (hereinafter the "Marketplace").
Use of the PrestaShop Account and Services are subject to this Policy.
Given that laws and regulations on technology and personal data protection are constantly evolving, this Policy is likely to be updated.
If any of the clauses in this Policy should be declared null and void or contrary to regulations, that clause will be deemed nugatory, but will not result in any other clauses in this Policy becoming null and void.
This Policy applies to Data collected through collection forms that allow :
- Allow you to create a PrestaShop Account;
- Allow you to download and use the PrestaShop Checkout service;
- Allow you to download and use the PrestaShop Metrics service;
- Send you commercial prospecting.
It does not apply to information collected by any third party or through websites managed by the latter, including via applications and content (including advertisements) redirecting users to https://www.prestashop.com where they can download the Solution.
Please read the Policy carefully to clearly understand our practices regarding the processing of your Data. Please be aware that you must agree to this Policy in order to view and/or use our Websites.
If you do not agree, please do not use PrestaShop Account and Services.
You are responsible for ensuring any Data provided to PrestaShop is complete and up to date.
ARTICLE 1 - WHAT ARE THE COLLECTED DATA BY PRESTASHOP ?
Depending on the nature and purpose of your interaction with PrestaShop, we may collect the Data listed below.
-
Data and legal bases justifying PrestaShop Account collected form
Type of Data |
---|
Contact data (email address) |
Connection data (IP ) |
Professional data (URL of the Merchant Site) |
Store merchant data ( PrestaShop version of the store; Server version, PHP; Theme used (and its version); Modules used (and their versions), distinguishing between enabled and disabled modules; Shop languages (with main language) and currencies |
-
Data collected from the PrestaShop Checkout account creation form from the Back-Office
Type of Data |
Identity’s data |
Merchant Website data |
Connection data |
Contact data (e-mail) |
-
Data collected from the PrestaShop Metrics account creation form from the Back-Offic
Type of data |
Connection data |
Transaction data |
Google Analytics login data ((id google analytics account; username google analytics; token authentication (access token/refresh token) ; id webproerty ; name webperty ; id profile (view) ; name profile (view); sessions by date ; session by channel ; sessions total, user by date ; user total)) |
ARTICLE 2 - HOW IS MY DATA COLLECTED?
Data may be collected in different ways on the Sites.
It may be collected directly when you provide it to us through the user account creation forms.
PrestaShop also collects indirectly your Data by means of cookies/trackers.
We invite you to read our Cookies Policy on our website prestashop.com, intended to help you better understand these technologies and the use we make of them on our Site and within the framework of our services, applications and tools.
We collect and use your Data :
- To present our Sites and their contents to you,
- To provide PrestaShop services (creation of a PrestaShop Account, access to the PrestaShop Metrics Service and PrestaShop Checkout);
- To provide support ;
- To allow us to contact you and/or to be contacted by our partners.
ARTICLE 3 - WHY IS YOUR DATA COLLECTED?
The process of your Data by PrestaShop may be necessary for the following reasons:
- to permit Prestashop to respect our contractual commitments ;
- to comply with the laws and regulations in force ;
- for PrestaShop's legitimate interest (develop its activity or improve its products and services)
Furthermore, some of your personal data can only be collected when you consent to their processing.
-
Purposes and legal basis justifying the collection of data for the creation and use of the PrestaShop Account
Type of data |
Purposes |
Legal bases |
Contact data (email address) |
Your email address may be collected and used to enable us to manage the contractual relationship. |
Contractual commitment (CGU) |
This data may also be used for marketing purposes to offer you similar PrestaShop products or services, if you have not objected. |
Legitimate interest |
|
Connection data (IP ) |
Management of the contractual relationship |
Contractual commitment (CGU) |
Professional data (URL of the Merchant Site) |
The collection of this data is necessary to link your PrestaShop Account to your Merchant Site. |
Contractual commitment (CGU) |
Store merchant data ( PrestaShop version of the store; Server version, PHP; Theme used (and its version); Modules used (and their versions), distinguishing between enabled and disabled modules; Shop languages (with main language) and currencies |
Knowledge of the user and improvement of the PrestaShop Solution |
Consent |
-
Purposes and legal basis justifying the collection of data for the creation and use of PrestaShop Checkout Services
Type of data |
Purposes |
Legal bases |
|
Identity’s data |
Management of the contractual relationship and management of invoicing |
Contractual commitment (CGU) |
|
Your data is transferred to our partner Paypal, with whom you must create an account and accept the TOS in order to use the PrestaShop Checkout service. |
Contractual commitment (CGU) |
||
Merchant Website data |
Necessary data to allow the installation of the Connector on the Merchant's Site. |
Contractual commitment (CGU) |
|
Connection data |
Necessary data to allow the installation of the Connector on the Merchant's Site |
Contractual commitment (CGU) |
|
Contact data (e-mail address) |
Management of the contractual relationship and management of invoicing |
Legitimate interest In accordance with the recommendations of the CNIL on B to B commercial canvassing, you are likely to receive commercial canvassing for similar products or services. You may object to this treatment at any time from the collection form or directly in the emails received. |
-
Purposes and legal basis justifying the collection of data for the creation and use of PrestaShop Metrics services
Type of data |
Purposes |
Legal bases |
Login data (PrestaShop Account data; Merchant ID and URL and email address of the merchant) |
This data are collected in order to allow PrestaShop to manage the contractual relationship with the merchant and to allow the merchant to access and configure the PrestaShop Metrics Service on its Merchant Site. |
Contractual commitment (CGU) |
Transaction data |
These data are necessary to allow the Merchant to benefit from PrestaShop Metrics statistical analyses on sales and orders, directly accessible in the Back-office of the Merchant Site. |
Contractual commitment (CGU) |
Google Analytics data ((id google analytics account; username google analytics; token authentication (access token/refresh token) ; id web property ; name web property ; id profile (view) ; name profile (view); sessions by date ; session by channel ; sessions total, user by date ; user total)) |
Allow PrestaShop to collect and use the data collected via the Merchant's Google Analytics account. The Merchant will then fully use the PrestaShop Metrics Service, completed with sessions and users statistics from is Google Analyics account, directly accessible in his PrestaShop dashboard. |
Contractual commitment (CGU) |
ARTICLE 4 - WHO PROCESSES MY DATA?
-
Internal processing of your data
Your Data are processed by PrestaShop employees tasked with managing :
- the Site.
In addition to our PrestaShop teams, your Data may be sent to PrestaShop Inc., a subsidiary of PrestaShop SA, whose offices are located at 80 SW, 8th Street, Suite 2000, Miami, FL 33130.
Your Data may also be sent to any buyer or successor in the event of the merger, transfer, restructuring, reorganisation, dissolution or other sale or transfer of some or all of PrestaShop’s assets due to uncertainties, bankruptcy, liquidation or other processes in which the Data of Users of PrestaShop’s various websites is listed among the transferred assets.
-
Processing of your data by our Partners whose Module or Connector you are downloading
Your Data will be provided to our Partners so (i) we can track the partnership concluded with PrestaShop and (ii) to allow them to send personalized offers to Users. The latter are bound by contractual obligations to maintain the confidentiality of the Data and to use it solely for the purposes for which we provide them.
As part of PrestaShop Checkout, your data can be transferred to our partner Paypal Inc. located in the United States. This transfer is necessary to allow you to benefit from their services.
-
External processing of your data
Your Data may also, within the scope of our business and for external processing needs, be provided to subcontractors, service providers and other third parties, particularly for hosting your Data.
Thus, the management of our emailing campaigns (Newsletters) carried out through the services of the company HubSpot, Inc. - 25 First Street, 2nd Floor - Cambridge, MA 02141 USA . The latter are obliged, by a personal data subcontracting contract, to respect the confidentiality of the Data and to use them only for the purposes for which we transmit them.
Likewise, the support services offered to Users of the Services are managed by Zendesk software. Your data is thus communicated to the company Zendesk Inc. - 1019 Market Street, San Bruno, CA 94103, USA. The latter are obliged, by a personal data subcontracting contract, to respect the confidentiality of the Data and to use it only for the purposes for which we transmit it to them.
The Data collected within the framework of the use of the PrestaShop Account Service is hosted by the company Google Cloud whose servers are located in the European Union, in Belgium and Germany. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.
- PrestaShop Checkout Service
As part of the management of the PrestaShop Checkout solution, your data may be transferred to our processors located outside the EU.
Data collected within the scope of PrestaShop Checkout use are hosted by Jaguar Network, 71 avenue André Roussin, BP 50067, 13321 Marseille, Cedex 16, France, whose servers are located in the European Union, Canada and the United States. As such, your Data may be transferred outside of the European Union, to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.
Your data may also be transmitted to our subcontractor Active Contact Center - 2 rue de Guinée, 1002, Tunis, Tunisia so that the latter can provide the level 1 assistance services included in the Service. We have signed a contract with them to control the transfer and processing of your data.
Your data may be processed by Google when you use the following solutions:
- Google Cloud Endpoints: your data will only be kept for 30 seconds
- Google Cloud Memorystore for Redis API: your data may be stored for up to 15 days
- Cloud Storage: Redis and Compute Engine backup tool; your data may be stored for up to one year
- Cloud SQL
- Compute Engine API: only your identity data will be stored
- Cloud Datastore API
- Stackdriver Logging API: your data may be stored for up to 30 days.
Google is a member of Privacy Shield, which the CNIL considers as equivalent protection to the GDPR. You can learn more about Google’s customer data management here.
Likewise, data processing may also be performed by Sentry Software, also a member of Privacy Shield, which the CNIL considers as equivalent protection to the GDPR. You can learn more about Sentry’s data management here.
- PrestaShop Metrics Service
Within the framework of the management of the PrestaShop Metrics Service, your data may be transferred to our subcontractors, some of which are located outside the EU.
The Data collected within the framework of the use of the PrestaShop Metrics Service is hosted by the company Google Inc. whose servers are located in the European Union, Canada and the United States. As a result, your Data may be transferred outside the European Union to the United States for hosting purposes. In order to guarantee the security of the data collected and hosted by our service provider, subcontracting clauses have been signed with them.
Likewise, data processing may be carried out by Sentry Software, which is a member of the Privacy Shield, considered by the CNIL as offering equivalent protection to that of the RGPD. You can learn more about Sentry's data management here.
-
Transfer of your data to the authorities to comply with our legal obligations
Lastly, we may also disclose your Data:
- To comply with legal mandates, laws and legal procedures, including governmental and regulatory requests.
- If we deem that disclosure is required or appropriate within the scope of protecting the rights, ownership or security of PrestaShop, our clients and other stakeholders. This disclosure includes exchanging information with other companies and organisations for the purpose of protecting against fraud and counterfeiting.
ARTICLE 5 - HOW LONG IS MY DATA STORED FOR?
PrestaShop only stores your Data for the period necessary for the purposes. This storage period varies according to the Data in question, as it may be affected by the nature and purpose of the collection. Similarly, certain legal obligations stipulate a specific storage period.
-
Retention period for Data collected from the PS Account form
The User's IP address collected after registration to the PrestaShop Account Service is kept for 30 days and then deleted. The data is kept for the duration necessary for the management of the contractual relationship. As of the User's unsubscription, the data is kept for 3 months and then archived.
-
Retention period of the data collected from the PS Checkout Service usage form
The Data collected at the end of the registration to the PrestaShop Checkout Service are kept for the duration necessary to manage the contractual relationship. As from the User's unsubscription, the data are kept 3 years and then anonymized for analysis purposes.
-
Retention period of the data collected from the PS Metrics Service usage form
The Data collected at the end of the registration to the PrestaShop Metrics Service are kept for the duration necessary to manage the contractual relationship. As of the User's unsubscription, the data is kept for 3 months and then archived.
ARTICLE 6 - HOW IS MY DATA PROTECTED?
Your Data is stored on secure servers protected by firewalls and antivirus software.
We have implemented technical and organisational measures intended to protect the security and confidentiality of your Data against any accidental loss and any unauthorised access, use, modification or disclosure.
Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.
We strive to protect your Data , but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk.
We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites.
As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your Merchant Website back-office password confidential.
Never provide it to any third parties. Similarly, be careful when you share information in the public sections of the Website as they can be viewed by all Website users.
ARTICLE 7 - WHAT ARE MY RIGHTS?
You can choose how the Data you provide is used :
- You can decide not to provide your email address in the PrestaShop Account form. However, please be aware that you cannot use PrestaShop Account and Services in this case.
- You can decide to no longer receive personalised offers from our Partners. In this case, you will be able to oppose to their solicitation by all means made available by them.
- You can decide to no longer receive personalised offers from PrestaShop. You can unsubscribe through a link provided in the email.
- Your IP address must be collected to secure your Merchant Website back-office connection.
In any case, you can access your Merchant Website back-office at any time to view and update your Data.
In accordance with the provisions of the applicable regulations regarding personal data protection, namely the European General Data Protection Regulation 2016/679 (the “GDPR”) and the French Data Protection Act no. 78-17 of 6 January 1978 and its amendments, you have the right to access and correct your Data.
You also have the right to stipulate directives relating to the fate of your Data in the event of your death.
Furthermore, subject to the conditions of the aforementioned regulation for exercising your rights, you have:
- The right to erasure of your Data.
- The right to limit processing of your Data.
- The right to object to the processing of your Data on legitimate grounds, in accordance with article 21 of the GDPR.
- The right to portability for the Data you have provided.
- The right to withdraw consent, when it has been asked.
When processing of your Data has occurred based on your consent, you may withdraw that consent at any time. However, you acknowledge that any processing that occurred before your consent was withdrawn remains entirely valid.
You also have the right to object, without providing a reason, to PrestaShop profiling you based on your Data, when content or communications are sent for commercial solicitation.
However, in accordance with Article 12.6 of the GDPR, when you exercise these rights, PrestaShop, as the controller, reserves the right to require proof of your identity. Please be aware that the data required to prove your identity will be deleted once we have responded to your request.
You can exercise your rights by sending an email in French, English or Spanish to privacy@prestashop.com or writing to:
PrestaShop S.A – Service Réclamation
Données Personnelles
12, rue d’Amsterdam, 75009 Paris, France.
We are required to reply within one (1) month to all requests regarding the exercising of these rights. This timeframe may be extended to two (2) months for complex requests and large request volumes.
Lastly, you also have the right to lodge a complaint with CNIL (the French National Commission for Information Technology and Civil Liberties), namely via its website at www.cnil.fr.
ARTICLE 7 - DOES PRESTASHOP TRANSFER MY DATA OUTSIDE THE EUROPEAN UNION?
In accordance with Article 4 above, data may be transmitted to our partners and/or subcontractors located outside the European Union. In this case, PrestaShop makes every effort to ensure the security of the Data which transits outside the European Union (standard contractual clauses, countries having protection measures considered as equivalent, BCR...).