GENERAL TERMS AND CONDITIONS OF USE FOR PRESTASHOP ACCOUNT AND PRESTASHOP SERVICES
Enters in force on 15/02/2021
PREAMBLE:
PrestaShop, a public limited company with capital of €339,501.30, entered in the Paris company & trade register under no. 497 916 635 and having its registered office at 4, rue Jules Lefebvre, 75009 Paris, France, is the designer and publisher of an open source software solution of the same name, distributed under an open source licence, that enables anyone acting as a professional to quickly and simply create e-commerce websites (hereafter referred to as “PrestaShop”).
The purpose of these General Terms and Conditions is to define the rights and obligations of PrestaShop and the user of PrestaShop Account and PrestaShop Services. Together with the PrestaShop Account Personal Data Protection Policy, they constitute the entirety of PrestaShop Account and PrestaShop Service terms and conditions of use that apply to all Users.
These T&Cs are available in French and other languages.
However, in case of inconsistencies or contradictions between the French version and the various translations of this document, the French version shall take precedence.
THE FOLLOWING HAS BEEN AGREED UPON:
-
Definitions
The Parties agree that the following terms and expressions, when written with the first letter(s) in uppercase in these General Terms and Conditions (including the identification of the parties and the preamble) and in both singular and plural form, shall have the meanings given below:
“Back Office” refers to the interface through which Users can administer and configure their Merchant Websites, add Modules, Themes or access PrestaShop Services;
“Terms and Conditions” or “T&Cs” refers to these general terms and conditions;
“Connectors” refers to the software developed in partnership between PrestaShop and the various Partners, accessible via PrestaShop Account and which allow Merchants to access third-party services supplied by the Partners;
“Customer” refers to any person making a purchase on the Merchant Website;
“Modules” refers to the downloadable software in the PrestaShop Account user space which add one or more features to those offered in the Solution’s out of the box version;
“Partner” refers to the business partner that developed the Connector in partnership with PrestaShop and which is made available to Users who have subscribed to a PrestaShop Service;
“Party/Parties” refers to PrestaShop SA and the User, individually and jointly;
“PrestaShop Services” (and/or “Service(s)”) refers to one or all additional services developed and distributed by PrestaShop and to which the User can subscribe from their PrestaShop Account space to add one or more features to the Merchant Website;
“Third Party Services” refers to the service developed by a Partner and accessible via a Connector; Access to this Third Party Service may require additional fees and be subjected to specific General Terms and Conditions of Use;
“PrestaShop Checkout Services” refers to the service for managing payments to which the User has access after subscribing to the PrestaShop Checkout Service allowing access to the PayPal Third Party Services;
“PrestaShop Facebook Service” refers to the service that connects the User’s Merchant Website to Facebook and Instagram accounts after downloading the PrestaShop Facebook Module which gives access to Third Party Facebook Business Extension Services;
“Merchant Website” refers to the e-commerce website based on the Solution and operated by a User for the purpose of their online sales activities;
“Support” refers to specific support services the User receives by subscribing to one of the PrestaShop Services;
“Solution” refers to the e-commerce open source solution published by PrestaShop and which can be freely downloaded from its website to create a Merchant Website.
“User” refers to any physical person or legal entity acting on a professional basis, from the time they register in PrestaShop Account.
-
Acceptance of the General Terms and Conditions
Access and use of the PrestaShop Services is subject to the User's full, unconditional acceptance of these T&Cs. That acceptance will be deemed to have been given once the User ticks the “I accept the General Terms and Conditions” box during account creation.
If Users do not tick that box, they understand that they will not be able to create a PrestaShop Account User space and the use of PrestaShop Services will not be possible, which the User accepts.
Users are informed that the creation of a user space in PrestaShop Account, and the downloading, installation and use of the Modules and/or Connectors of the PrestaShop Services is exclusively reserved for professionals (as defined by Consumer law) who are adults or emancipated minors with full legal powers. The User confirms that they meet this criteria.
This latter point is decisive in the willingness of PrestaShop to enter into this Agreement, as the Price was defined in relation to the exclusions and limitations of liability stipulated in these T&Cs.
-
Subscription to PrestaShop Services
3.1 Creating a PrestaShop Account User space
To subscribe to the Services, and download, install and configure the corresponding Modules and/or Connectors, Users must create a PrestaShop Account User space beforehand.
The User acknowledges and accepts that registration requires the entry of the required information as indicated on the Website. Any incomplete registration will prevent the creation and therefore the access to PrestaShop Services.
A complete User registration will automatically open a PrestaShop Account User space in their name, allowing them to subscribe to PrestaShop Services.
The information entered by the User will be considered binding upon submission.
The User warrants that all the information provided during registration is accurate, true and up to date.
In the event of any changes to the information entered, the User undertakes to modify it accordingly to ensure it continues to meet the aforementioned criteria.
3.2 Subscription to PrestaShop Services
The subscription, configuration and use of PrestaShop Services may require having beforehand and/or creating an account with a Partner.
Certain PrestaShop Services allow the Merchant to download a Connector to add an additional feature linked to the Third Party Service to their Website.
To use the Third Party Services, to which the User has access after installing a Connector, may require the creation of an account with the Partner. That account with the Partner is only binding upon the User in respect to the Partner.
The User is hereby informed that access to these Third Party Services may redirect them to websites managed on third party servers by people and/or organisations over which PrestaShop has no control.
It is the User’s responsibility to review and accept the Partner’s terms of use and financial terms.
3.2.1 Subscription to the PrestaShop Checkout Service requires an existing PayPal account, or the creation thereof.
The User is hereby informed that use of the PrestaShop Checkout Service requires an existing PayPal account. Consequently, if the User does not have one at the time of installation of the Connector, one will need to be created.
To create a PayPal account, the User will be redirected to a website managed by servers not belonging to PrestaShop, by people or organizations over which PrestaShop has no control.
That account with the PayPal Partner is only binding upon the User in respect to the Partner. It is the User’s responsibility to review and accept the terms of sale and/or use of Third Party Services.
3.2.2. Subscription to the PrestaShop Metrics Service requires an existing Google Analytics account, or the creation thereof.
The User is hereby informed that use of the PrestaShop Metrics Service requires an existing Google Analytics account. Consequently, if the User does not have one at the time of installation of the Connector, one will need to be created.
That account with Google is only binding upon the User in respect to Google. It is the User’s responsibility to review and accept the terms of sale and/or use of Third Party Services.
3.2.3 Subscription to the PrestaShop Facebook Service requires an existing Facebook account, or the creation thereof.
The User is hereby informed that use of the PrestaShop Facebook Service requires an existing Facebook account. Consequently, if the User does not have one at the time of installation of the Connector, one will need to be created.
To create a Facebook account, the User will be redirected to a website managed by servers not belonging to PrestaShop, by people or organizations over which PrestaShop has no control.
That account is only binding upon the User in respect to Facebook. It is the User’s responsibility to review and accept the terms of sale and/or use of Third Party Services.
3.3 Login details
Users will keep confidential their username and the associated password used to access their PrestaShop Account space.
-
PrestaShop Services Content
4.1 Access to PrestaShop Services
PrestaShop Services can be accessed from the User’s PrestaShop Account space.
Subject to compliance with the terms of registration described in the above Article 3, the Services allow the User to download Modules and Connectors developed and distributed by PrestaShop. Once the User subscribes and downloads the Connector linked to a Service, they will be able to add one or more features to their Merchant Site that are in connection with the relevant Third Party Service.
4.2 Updates and Support
The subscription to one of the PrestaShop Services includes, for each of the Services, the following Support:
Relevant Service |
Update |
Support |
PrestaShop Checkout |
Minor and major Connector updates and maintenance1 |
Included from the time the Connector is installed2 |
PrestaShop Metrics |
||
PrestaShop Facebook (support-facebook@prestashop.com) |
1 NB: Please note, updates are not custom developments, personalized and tailor-made by request for the User’s Merchant Website.
2 NB: A Support service is provided to assist the User with any questions about the installation of a PrestaShop Service Connector. The Support service is also available in the event of any malfunctions in the Connector. It is understood that the Support provided is only technical in nature and does not cover the Third Party Services generated via the Connector or for which it plays an intermediary role with the Partner.
The following in particular are excluded from this Support service: certain services offered, such as training and, more generally, any work performed on the User’s Merchant Website.
If the User does make use of this Support, they will be bound to PrestaShop under the data outsourcing Agreement appended hereto (Appendix 2).
- Financial terms
5.1. PrestaShop Services Financial Terms
Any PrestaShop Service not described or presented as free in these T&Cs, in the Merchant Website's Back Office or on the PrestaShop Addons platform is, unless expressly indicated otherwise, a paid service.
5.1.1 PrestaShop Checkout Service Financial Terms
The PrestaShop Checkout Connector is available to download for free.
Use of the PrestaShop Checkout Service will generate costs for the User, as shown on the PrestaShop Checkout Service pricing page.
All listed prices are understood to be VAT excluded.
Use of Third Party Services may generate additional fees. It is the User’s responsibility to review and accept the terms of sale and/or use of Third Party Services.
5.1.2 PrestaShop Metrics Service Financial Terms
The PrestaShop Metrics Connector is available to download for free.
Use of the PrestaShop Metrics Service will generate costs for the User, as shown on the PrestaShop Metrics Service pricing page.
All listed prices are understood to be VAT excluded.
Use of Third Party Services may generate additional fees. It is the User’s responsibility to review and accept the terms of sale and/or use of Third Party Services.
5.1.3 PrestaShop Facebook Service Financial Terms
The PrestaShop Facebook Connector is available to download for free.
Use of the PrestaShop Facebook Service will generate costs for the User, as shown on the PrestaShop Facebook Service pricing page.
All listed prices are understood to be VAT excluded.
Use of Third Party Services may generate additional fees. It is the User’s responsibility to review and accept the terms of sale and/or use of Third Party Services.
- Use of Third Party Services
Any PrestaShop Service not described or presented as free in these T&Cs, on the Merchant Website's Back Office or on the PrestaShop Addons platform is, unless expressly indicated otherwise, a paid service.
The User will provide the Partner with all of the information it needs to effectively process payments.
If a payment is rejected for any reason whatsoever, the provision or completion of Third Party Services may be suspended in accordance with the Partner’s terms and conditions of use.
- Support
Support services, as defined in Article 4, are provided for free.
Outside of these exceptions, Support services are, unless expressly indicated otherwise, to be paid.
- User's Obligations and Liabilities
6.1 User Obligations
Without prejudice to the other obligations set out in these T&Cs, the User agrees to use their PrestaShop Account space and PrestaShop Services in a way that does not constitute disorderly conduct or offensive action. In that respect, the User will use the Services in compliance with current legislation and regulation and will refrain from any other use.
6.2 User liability
Users subscribe to PrestaShop Services, and download, configure and use relevant Modules or Connectors at their own risk.
As such, the User is bound to comply with all current legal and regulatory provisions. In particular, Users must ensure that they do not commit any (i) violation of any third party intellectual property rights, (ii) injury to a person or violation of their right to privacy, or (iii) disorderly conduct or offensive action, within the context of using the Service, Third Party Services and the Merchant Website.
Failing that, access to PrestaShop Services may be temporarily suspended or terminated, as soon as PrestaShop is informed thereof, in accordance with the provisions set out in Article 11 of these T&Cs.
Users are also hereby informed that they are solely liable for any failures of their Merchant Website caused by modifications made to the Solution.
No support will be provided to Users when malfunctions and failures of their Merchant Website are due to code modifications/additions made to the Solution by the User and/or by any service provider or other third party or third party Service.
- PrestaShop liability
In principle, PrestaShop Account and PrestaShop Services are available 24/7, unless there is a scheduled or unscheduled interruption for maintenance reasons or due to a force majeure event.
However, given the purpose of the Services, PrestaShop cannot guarantee the Service will be provided in an uninterrupted manner with no errors, anomalies, viruses, bugs or security breaches. PrestaShop accepts no performance obligations in terms of service levels, whether in terms of response time or resolve time. PrestaShop assumes only a best efforts obligation.
The User is hereby informed that PrestaShop shall not be held liable for any direct or indirect damage caused to the User which is the exclusive result of the Third Party Service offered by the Partner.
In any case, PrestaShop shall not be held liable for any indirect damage including, but not limited to: loss of revenue or turnover, loss or theft of data, drop in traffic, loss of customers, damage to image or reputation, etc.
- Changes to the General Terms and Conditions
These T&Cs may be amended by PrestaShop at any time, without prior notice, in order to account for upgrades to PrestaShop Account and PrestaShop Services, and changes to applicable regulations. Any such changes will come into effect fifteen (15) days after they are published on the website or disclosed to Users. The new version of the T&Cs will be provided on the Prestashop.com website. Users are encouraged to regularly view them.
- Length of Subscription
PrestaShop Account and PrestaShop Services will be available upon the User's acceptance of these T&Cs and will continue so long as the User utilises them in accordance with these T&Cs.
- Right to Withdrawal
As professionals acting to further their commercial, industrial, artisanal or freelance business, Customers acknowledge that they do not have a right of withdrawal, which is only enjoyed by consumers as defined by the French Consumer Code.
-
Suspension and Termination
11.1 Suspension or Termination of PrestaShop Services
11.1.1 Termination by the User
The User may at any time terminate their subscription to PrestaShop Account or to a PrestaShop Service via their Back Office or they may request that their account be deleted by writing to the teams at PrestaShop (privacy@prestashop.com).
Termination will not incur any penalties.
If the User closes their PrestaShop Account User space or subscription to a Third Party Service, it will not terminate other Third Party Services to which the User may have subscribed with the Partner. The User is hereby informed that, in the event of subscription to a Third Party Service, the terms and conditions for terminating that service are defined in the Partner’s general terms of use. The Third Party Service may only be terminated through the Partner.
11.1.2 Termination for convenience
PrestaShop reserves the right to suspend or close a PrestaShop Account User space or a PrestaShop Service at any time, with no explanation or compensation.
If the termination was PrestaShop's decision, the User will be notified by email and in the PrestaShop Account User’s Space. The termination will take effect thirty (30) calendar days from the date of notification.
11.1.3 Suspension and/or termination due to a breach
PrestaShop may suspend or terminate access to a PrestaShop Account user space or to one of the PrestaShop Services the User has subscribed to, namely in the following situations:
- The User's non-acceptance of new General Terms and Conditions and/or new pricing conditions;
- Use of one or more of the PrestaShop Services that is unlawful or unfair or that violates current laws and regulations;
- Behaviour likely to harm PrestaShop’s image;
- Simple suspicion of payment fraud;
- More generally, any violation of these T&Cs.
11.2 Third Party Services Termination
The suspension or termination of a Service will not engender the termination of Third Party Services to which the User has subscribed to with the Partner(s). The User is hereby informed that, in the event of subscription to a Third Party Service, the terms and conditions for terminating that service are defined in the Partner’s general terms of use. The Third Party Service may only be terminated through the Partner directly.
In this way, terminating PrestaShop Checkout will not terminate the PayPal service. In this way, terminating PrestaShop Metrics will not terminate the Google Analytics service. In this way, terminating PrestaShop Facebook will not terminate the Facebook service.
-
Intellectual Property
All texts, graphics, photos, sound and videos within PrestaShop Account and PrestaShop Services are the property of PrestaShop. Any full or partial depiction and/or reproduction and/or operation of the content and services offered by PrestaShop in the framework of PrestaShop Services or PrestaShop websites, by any means whatsoever, without the prior written authorisation of PrestaShop is strictly prohibited and could constitute an infringement as defined by Articles L335-2 et seq. of the French Intellectual Property Code.
The T&Cs will not confer any transfer of ownership to the other Party. Consequently, the User undertakes to refrain from infringing, in any way whatsoever, on the intellectual property rights held by PrestaShop or by Partners in regard to Connectors, Modules and/or Third Party Services.
The User is granted a basic, personal, non-exclusive user licence for downloaded Connectors, in any country in the world, and for the duration of the associated copyrights. This licence is only valid for a single Website.
The User recognises and accepts that the user licence, granted when downloading the Connector corresponding to a PrestaShop Service, is non-transferable, except: (i) As part of a collaboration between the Merchant and a Technical Provider, the User can transfer the Connector and its user licence to the Technical Provider so that they can manage the Connector, or (ii) As part of a collaboration between the Technical Provider and the User, the Technical Provider can transfer the Connector and its user licence to the Merchant so that they can manage the Connector, or (iii) When the User Merchant Website is transferred.
Under these exceptions, the Connector cannot be transferred unless it is accepted by the recipient. Where appropriate, the Connector transfer includes technical support as defined in Article 4 of these T&Cs. Once the Connector has been transferred, the transferring User can no longer access or manage the Connector.
Under no circumstances may the User distribute, licence or make use in any way whatsoever of the Connectors or any of its related components (such as, but not limited to: functional and technical documentation, logos, etc.) for any purpose other than their use within the Merchant Website.
The User understands and accepts that the payment of a Connector is valid for an installation and use on one single Website. Users who utilise the MultiStore agree to settle with PrestaShop for additional user licences, i.e., one licence per Website, by writing to PrestaShop at the following address to request a quote: https://addons.prestashop.com/fr/contactez-nous.
Any breach of the terms of this license could give rise to, at the discretion of PrestaShop, (i) the termination of the license granted in these T&Cs for the disputed Connector, and/or (ii) the deletion of the PrestaShop Account User space, and/or (iii) the PrestaShop Service in question and/or (iv) PrestaShop’s option to refuse any subsequent download of any Connector from PrestaShop Account by the User in question.
-
Personal information
Information relating to our collection and processing of personal data is given in our Personal Data Protection Policy.
For the use of Third Party Services, the User is hereby informed that they may be redirected to Partner websites. These websites are managed on third party servers by people and organisations over which PrestaShop has no control.
As such, we cannot under any circumstances be held liable for the way in which your Data is stored or used on those servers.
We recommend that you read the Partners’ applicable policy regarding personal data protection relative to PrestaShop in order to understand the User’s rights and obligations and how the data will be utilized.
To deliver Support services as defined in Article 4 of these Terms and Conditions, PrestaShop will need to process personal data to provide Support, acting both in the name and on the behalf of the User. For this purpose, the User is responsible for the processing and PrestaShop acts as the subcontractor, as defined by the GDPR.
The Parties explain in Appendix No. ... entitled “Personal Data Protection” the technical and organisational measures implemented by the Service Provider in the name of its performance obligation.
-
Force Majeure
Any event constituting a force majeure event as defined by French courts of law will suspend the Parties’ rights and obligations.
-
Applicable law and jurisdiction
These General Terms and Conditions are subject to French law. An attempt to amicably settle disputes between the Parties in regard to interpreting or performing these General Terms and Conditions must be made first. Should this fail, the Parties hereby assign jurisdiction to the Paris Commercial Court in France.
-
Partial invalidity
If some or all of these T&Cs should be voided for any reason whatsoever, the other provisions will retain their full effect, unless the voided clause involves an obligation that is key to the agreement.
-
Independence of the Parties
The Parties will remain independent of one another. No stipulation contained in these T&Cs was written with the purpose or the end result of establishing any partnership, mandate, representation or subordination between the Parties.
-
Effective date
These T&Cs came into effect in February 2021.
Appendix 1
Personal data outsourcing agreement for Support services
This agreement for the processing of personal data, together with the foregoing General Terms and Conditions and the Personal Data Protection Policy, contain all the terms of use for the Support services, applicable to any User.
As part of that Support, the User may need to communicate personal data to PrestaShop. Pursuant to Article 4, sections 7 and 8 of the GDPR, with respect to personal data, the User is responsible for processing personal data, and the Service Provider is the subcontractor.
Article 1. Definition
For the purposes of this Agreement, wherever the following terms begin with an uppercase letter, they will be understood as having the meanings defined below.
- “Customer”: refers to any person who has entered into a contract with the User via their Merchant Website.
- “Personal Data” refers to any information relating to an identified or identifiable natural person (hereinafter “Person concerned”).
An “identifiable natural person” is an individual who can be identified, directly or indirectly, including by reference to an identifier, such as a name, identification number, location data, an online identifier, or to one or more specific elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Personal Data are those entrusted by the User to PrestaShop for the purpose of their Processing on behalf of the former under this agreement. These data are listed in Article 4 below.
- “Controller”: as defined by Article 4(7) of the GDPR. For the purposes hereof, the User is the Controller.
- “GDPR”: refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
- “Processor”: refers to the natural person, legal entity, public authority, service or other organization processing the Personal Data on behalf of the User. For the purposes hereof, PrestaShop is the Processor.
- “Processing”: refers to any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Breach”: refers to a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Article 2. Subject
The purpose of this amendment is to define the terms and conditions under which PrestaShop undertakes to perform the Personal Data Processing operations described below.
As part of their contractual relationship, the Parties undertake to comply with existing regulations governing the processing of Personal Data and, in particular, with the GDPR (as well as French Act 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended).
Article 3. Term of the agreement
This agreement will take effect upon the User's subscription to the Support services and will come to an end upon termination of the said Support.
Article 4. Description of outsourced processing
- Services rendered:
PrestaShop is authorized to process on behalf of its User all Personal Data necessary to provide Support services.
- Types of operations performed:
The Services rendered and during which PrestaShop may process the User's Personal Data are described in Article 4 of these Terms and Conditions.
- Purposes of Processing:
Access to the Personal Data processed by the Merchant in connection with the operation of its Website is required to allow PrestaShop to meet its contractual commitments and effectively provide Support services.
- Processed Personal Data and data subjects:
Support services require actions by our teams performed on the Merchant Website at the request of the User. Access to the Shop’s Back Office inherently provides access to the User's Personal Data (full name, email address and telephone number).
Likewise, PrestaShop may have access to the User’s Customer data. PrestaShop may have access to the following Personal Data: Customer identification data (full name, postal address, email address and telephone number), as well as to data about any purchases made on the User's Merchant Website.
For the purpose of performance of the services covered by this agreement, the Controller (the User) will provide the Processor with the information required as per the latter's Personal Data Protection Policy.
Article 5. PrestaShop obligations
5.1. Personal Data Processing
PrestaShop undertakes to:
- process the Personal Data solely for the purpose(s) of Processing, as defined in Article 3 and pursuant to the General Terms of Use of the Support services;
- process the Personal Data in accordance with the User's documented instructions. If PrestaShop considers that an instruction violates the GDPR (EU) No. 2016/679 or any other provision of EU law or the laws of the EU Member States relative to data protection, it will immediately notify the Controller. Further, if PrestaShop is required to transfer data to a country outside the European Union, it must inform the User of that legal obligation prior to Processing, unless the law in question prohibits such notification on important grounds of public interest;
The User is hereby informed of the possibility of transmitting written instructions, so long as they are consistent with the Service.
- guarantee the confidentiality of the Personal Data processed by virtue of this agreement. guarantee the confidentiality of Personal Data processed under the Contract. In the event that PrestaShop is legally required to disclose Personal Data to an authority, it must notify the User in advance, unless the law prevents it from doing so on grounds of public interest;
- ensure that the people authorized to process the Personal Data by virtue of this agreement:
- undertake to respect the confidentiality of the Personal Data;
- receive the necessary Personal Data protection training;
- only process Personal Data for the aforementioned Processing purposes.
- incorporate the principles of data protection by design and data protection by default into its tools, products, applications and services.
5.2 Subsequent Processing
The User authorizes PrestaShop to use subcontractors (hereinafter the “subsequent processor”) to carry out specific processing activities.
The User is hereby informed that PrestaShop already uses the processors listed below for its Support services.
For the management and provision of Support to Users, PrestaShop uses software from Zendesk Inc., 1019 Market Street, San Bruno, CA 94103, USA.
That company is an active participant in the Privacy Shield, which guarantees that the level of Personal Data protection that it offers has been deemed sufficient and adequate.
Likewise, PrestaShop uses the Freshdesk software, published by the company Freshworks Inc, 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403. The Data Processing agreement between PrestaShop and Freshworks Inc. stipulates that no Personal Data will be transferred outside the European Union. Otherwise, where applicable, Freshworks Inc. undertakes to take all the necessary measures to ensure a level of protection and security fully consistent with applicable legislation governing Personal Data protection.
As part of the PrestaShop Checkout Services, PrestaShop uses the company Active Contact, 2, rue de Guinée, 1002 Tunis - Tunisia to provide first-line support for Users. A Data Processing contract between PrestaShop and this subcontractor provides a level of protection and security fully consistent with applicable legislation governing personal data protection. As required by applicable legislation governing the subject, the transfer of Data outside the European Union is also safeguarded by standard contractual clauses.
PrestaShop also uses Jira, software published by Atlassian, 341 George Street, Sydney, NSW 2000, Australia, to provide the ticketing system used to transmit User requests to the Support teams. That software is hosted internally on PrestaShop's Google server in Holland, which provides a level of protection that is sufficient and adequate in regard to applicable legislation governing Personal Data protection.
In the event of subsequent Processing, PrestaShop will inform the User of any changes involving the addition or replacement of other processors, at least one (1) month prior to the change, so as to give the User the chance to share any objections to the said changes.
On hiring another subcontractor, PrestaShop undertakes to ensure that the same obligations are imposed upon this subcontractor as those set out in the present Contract regarding Personal Data protection and to ensure that this subcontractor meets the requirements of the above-mentioned regulation.
5.3 Data subjects
Persons’ rights concerning information. The User is responsible for communicating information about Personal Data Processing to its concerned Customers at the time of collection of the said data.
Persons’ exercise of their rights. As far as possible, PrestaShop will help the User fulfil its obligation of handling requests from its Customers to exercise their rights to access, rectify or remove their Personal Data, to object to or restrict the Processing thereof, to data portability and to not be the subject of an automated decision (including profiling).
The services are set up so that the User can respond to its Customers' requests.
5.4 Notification of Personal Data Breaches
PrestaShop will notify the User by email of any Personal Data Breach within seventy-two (72) hours of having become aware of it. This notification will be accompanied by all useful information to enable the User to notify the competent data protection authority of the Breach, if necessary.
PrestaShop will provide the following information, where such is available:
- the nature of the incident;
- the date and time of detection of the incident;
- the affected Personal Data;
- any measures taken directly to limit any additional damage;
- the date and time when the incident came to an end;
- any structural prevention measures going forward.
5.5 Assistance
PrestaShop undertakes to help the User, to the extent possible, fulfil its obligations in respect to the aforementioned Processing as per the conduct of any impact assessments, for the purpose of notification of a data Breach and for the exercise of Customer rights.
5.6 Fate of Personal Data
At the end of the Support services relating to Personal Data Processing, PrestaShop undertakes to return all Personal Data to the User or to the subcontractor assigned by the latter.
This return will include all existing copies in PrestaShop's information system as well as a written guarantee to the User of the destruction of Data, unless applicable legislation prohibits it from destroying Personal Data for a given period of time. In this case, PrestaShop undertakes to uphold the confidentiality of the Personal Data and to archive it in order, in particular, to retain it as proof.
5.6 Documentation
PrestaShop declares that it will keep a written register of all categories of Processing activities performed on behalf of the User.
PrestaShop will provide the necessary documentation to the Controller to demonstrate compliance with all its obligations and to enable the User to conduct audits.
Article 6. User obligations
The User undertakes to:
- document all of its instructions in writing concerning Personal Data Processing by PrestaShop, if specific instructions should be necessary;
- supervise the Processing, including the performance of audits and inspections of PrestaShop's services;
- report any Personal Data Breach which entails a legal obligation to notify the competent supervisory authority.
Article 7. Security Measures
PrestaShop undertakes to implement technical and organizational measures intended to protect the security and confidentiality of the Personal Data against any unauthorized access, alteration, use, modification or disclosure during the performance of the Support services.
To that end, PrestaShop's Support staff are subject to an obligation of confidentiality.
Given the state of the art, the cost of implementation and the nature, scope, context and purposes of the Processing, the Parties undertake to implement all appropriate technical and organizational measures to provide a level of security which is commensurate with the risk.
The User is responsible for the Shop's security at all times.
Article 8. Liabilities
The Parties acknowledge that they share responsibilities to the Customers, pursuant to Article 82 of the GDPR.
The User acknowledges that PrestaShop shall only be held liable for any damage caused by the Processing if the latter has failed to satisfy the obligations specific to processors under the GDPR.