GENERAL TERMS AND CONDITIONS OF USE FOR PRESTASHOP ACCOUNT AND PRESTASHOP SERVICES

 

PREAMBLE

 

PrestaShop, a public limited company with capital of €380 645,55, entered in the Paris company & trade register under no. 497 916 635 and having its registered office at 4, rue Jules Lefebvre, 75009 Paris, France, is the designer and publisher of an open source software solution of the same name, distributed under an open source licence, that enables anyone acting as a professional to quickly and simply create e-commerce websites (hereafter referred to as “PrestaShop”).

 

The purpose of these General Terms and Conditions is to define the rights and obligations of PrestaShop and the user of PrestaShop Account and PrestaShop Services. Together with the PrestaShop Account Personal Data Protection Policy, they constitute the entirety of PrestaShop Account and PrestaShop Service terms and conditions of use that apply to all Users.

 

These T&Cs are available in French and other languages. However, in case of inconsistencies or contradictions between the French version and the various translations of this document, the French version shall take precedence.

 

The following has been agreed upon : 

 

1. Definitions

 

The Parties agree that the following terms and expressions, when written with the first letter(s) capitalized in these Terms and Conditions (including the identification of the parties and the preamble) and in both singular and plural form, shall have the meanings given below:

“Back Office” refers to the interface through which a User can administer and configure their Merchant Websites, add Modules, Themes or access PrestaShop Services;

“Customer” refers to any person making a purchase on the Merchant Website;

“Merchant Website” refers to the e-commerce website based on the Solution and operated by a User for the purpose of their online sales activities;

“Partner” refers to a business partner that worked with PrestaShop to develop the Connectors and Modules which are made available to Users who have subscribed to a PrestaShop Service; 

“Party(-ies)” refers to PrestaShop SA and the User, individually and jointly; 

 

“PrestaShop Essentials Service(s)” refers to one, several or all of the additional services developed and distributed by PrestaShop, to which a User may subscribe from their PrestaShop Account space and which give them access to Third Party Services developed by a Partner.  PrestaShop Essentials Services include: 

The “PrestaShop Checkout Service”, the payment management service to which a User has access after subscribing to the PrestaShop Checkout Service allowing access to the PayPal Third Party Service,

The “PrestaShop Facebook Service”, the service that connects a User’s Merchant Website to their Facebook and Instagram accounts after downloading the PrestaShop Facebook Module which provides access to the Facebook Business Extension Third Party Service,

The “PrestaShop Metrics Service”, the data analysis service to which a User has access after downloading the PrestaShop Metrics Module which provides access to an interface containing their transactional data, their KPIs and up to three months of data history,  

The “PrestaShop Marketing Service”, the product catalogue synchronization and marketing campaign management service to which a User has access after downloading the PrestaShop Marketing Module which provide access to the Google Shopping Third Party Service, 

The "PrestaShop Paylater Service" means the split payment service that the User may offer on the Merchant Site after downloading the module allowing access to the third-party services of Payplug and Oney.

It is specified that each of the above Services will be accessible via a connector (hereinafter referred to as a “Connector”); 

 

“RBM Module(s)” refers to the downloadable software in the PrestaShop Account space which adds one or more features to those offered in the Solution’s out of the box version, whose use may give rise to a recurring charge; 

“Service(s)” and “PrestaShop Service(s)” refer to one, several or all of the additional services to which a User may subscribe from their PrestaShop Account space.  Those Services include PrestaShop Essentials Services and RBM Modules;

 “Solution” refers to the e-commerce open source solution published by PrestaShop and which can be freely downloaded from its website to create a Merchant Website;   

“Support” refers to specific support services the User receives by subscribing to one of the Services; 

“Terms and Conditions” and “T&Cs” refer to these terms and conditions;

“Third Party Service(s)” refers to any service developed by a Partner and accessible via a Connector. Access to such Third Party Services may entail additional charge and be subject to specific Terms of Use;

“User” refers to any physical person or legal entity acting on a professional basis, from the time they register in PrestaShop Account. 

 

2. Acceptance of the Terms and Conditions

 

Access and use of the PrestaShop Services is subject to the User’s full, unconditional acceptance of these T&Cs. That acceptance will be deemed to have been given once the User ticks the “I accept the Terms and Conditions” box during account creation. 

 

If a User does not tick that box, they understand that they will not be able to create a PrestaShop Account space and so will be unable to use any PrestaShop Services, which the Users accept.

 

Users are hereby informed that registration in PrestaShop Account, and the download, installation and use of PrestaShop Services are exclusively reserved for professionals (as defined by consumer law) who are adults or emancipated minors with full legal powers. All Users confirm that they meet these criteria. 

 

This latter point is decisive in the willingness of PrestaShop to enter into this agreement, as the price was defined in relation to the exclusions and limitations of liability stipulated in these T&Cs.

 

Users acknowledge and accept that registration requires the entry of the required information as indicated on the PrestaShop website. Any incomplete registration will prevent the creation and therefore access to PrestaShop Services. Each User warrants that all the information provided is accurate, true and up to date. In the event of any changes to the input information, the User undertakes to modify it accordingly to ensure it continues to meet the aforementioned criteria.

 

• TERMS AND CONDITIONS APPLICABLE TO PRESTASHOP ESSENTIALS SERVICES

 

3. Terms and conditions applicable to PrestaShop Essentials Services 

 

In order to subscribe to PrestaShop Essentials Services and download, install and configure the Connectors, Users must first create a PrestaShop Account space. 

 

The subscription, configuration and use of PrestaShop Services may require having beforehand and/or creating an account with a Partner.  

 

It is each User’s responsibility to review and accept the Partner’s terms of use and financial conditions. 

 

4. Terms and conditions specific to PrestaShop Essentials Services

4.1 PrestaShop Checkout

 

• Subscription to the PrestaShop Checkout Service

Users are hereby informed that use of the PrestaShop Checkout Service requires an existing PayPal account. 

 

If a User does not already have a PayPal account, they will be redirected to the Partner’s website, which is managed by people and/or organizations over which PrestaShop has no control. 

 

That account with PayPal is only binding upon the User in respect of that Partner. It is the User’s responsibility to review and accept the terms of sale and/or use of any Third Party Services.

 

•  Financial conditions of the PrestaShop Checkout Service

The PrestaShop Checkout Connector is available to download for free. 

 

Use of the PrestaShop Checkout Service will generate costs for the Users, as shown on the PrestaShop Checkout Service pricing page. 

 

All listed prices are understood to be exclusive of VAT.

 

The use of Third Party Services may generate additional fees.
 

4.2 PrestaShop Metrics  

 

•  Subscription to the PrestaShop Metrics Services 

 

Users are hereby informed that use of PrestaShop Metrics Services requires an existing Google Analytics account.

 

That account with Google is only binding upon the User in respect of that Partner. It is the User’s responsibility to review and accept the terms of sale and/or use of any Third Party Services.

 

• Financial conditions of PrestaShop Metrics Services 

 

The User must choose the subscription rate for the PrestaShop Metrics service that corresponds to the monthly turnover he/she achieves at the time of subscription. 

 

The monthly rates are as follows: 

 

Monthly turnover achieved	0 to 1000 €	1001 to 10.000 €	more than 10.001 €
Pricing	Free	9,99 € HT	29,99 € HT

 

The prices mentioned are exclusive of VAT.

 

Payment is a prerequisite for access to the PrestaShop Metrics Service. Each of the prices allows access to the same PrestaShop Metrics Service. 

 

After the first month of subscription, the pricing will be adapted, if necessary, automatically to the turnover achieved by the User the month before the next payment. 

 

The payment of the subscription will be done by monthly direct debit according to the terms and conditions communicated to the User. The subscription to the PrestaShop Metrics Service will be invoiced the first time on the day of the subscription of the Service by the User. If the subscription is not terminated, the User will be charged the amount corresponding to the applicable rate according to the turnover achieved the previous month, every month on the anniversary of the subscription date for renewal. 

 

The use of the Third Party Service may generate additional charges. It is the User's responsibility to read and accept the general terms and conditions of sale and/or use of the Third Party Service.

 

If payment is refused or not made to renew the subscription, for whatever reason, the subscription will be automatically suspended and the User will be informed. PrestaShop reserves the right to freeze a payment in order to carry out any verification required by law, including money laundering.

 

• Cancellation of the PrestaShop Metrics Service

 

When a User unsubscribes from the PrestaShop Metrics Service, it will automatically be cancelled at the end of the current subscription month, and the User will have access to the Service’s features up until the time of termination. For paid plans, once a subscription month begins, it will be payable in full and will not qualify for a refund. 

 

Once the PrestaShop Metrics Service is cancelled, the User will no longer have access to the interface and will not be able to retroactively access the data collected by PrestaShop Metrics to which they had access as part of the subscription. 

 

The User may re-enrol in the PrestaShop Metrics Service at any time in the future by subscribing under the same terms and conditions as described above. 

 

4.3 PrestaShop Facebook 

 

• Subscription to the PrestaShop Facebook Service 

 

Users are hereby informed that use of the PrestaShop Facebook Service requires an existing Facebook account. 

 

That account with Facebook is only binding upon the User in respect of that Partner. Users who do not yet have an account will be redirected to a website managed on servers not belonging to PrestaShop, by people and/or organizations over which PrestaShop has no control. 

 

The account they create there is only binding upon the User in respect of that Partner. It is the User’s responsibility to review and accept the terms of sale and/or use of any Third Party Services.

 

•  Financial conditions of the PrestaShop Facebook Service

 

The PrestaShop Facebook Connector is available to download for free. 

 

Use of the PrestaShop Facebook Service will generate costs for the Users, as shown on the PrestaShop Facebook Service pricing page.  

 

All listed prices are understood to be exclusive of VAT.

 

The use of Third Party Services may generate additional fees. 
 

4.4 PrestaShop Marketing 

 

• Subscription to the PrestaShop Marketing Service 

 

Users are hereby informed that use of the PrestaShop Marketing Service requires an existing Google Merchant Center account and a Google Ads account. 

 

If a User needs to create these accounts, they will be redirected to a website managed on servers not belonging to PrestaShop, by people and/or organizations over which PrestaShop has no control. 

 

Those accounts with Google are only binding upon the User in respect of that Partner. It is the User’s responsibility to review and accept the terms of sale and/or use of any Third Party Services.
 

• Financial conditions of the PrestaShop Marketing Service

 

The PrestaShop Marketing Connector is available to download for free. 

 

Use of the PrestaShop Marketing Service will generate costs for the Users, as shown on the PrestaShop Marketing Service pricing page. 

 

All listed prices are understood to be exclusive of VAT.

 

The use of Third Party Services may generate additional fees. 

 

4.4 PrestaShop Paylater

 

• Subscription to the PrestaShop Paylater Service 

 

Users are hereby informed that use of the PrestaShop Paylater Service requires an existing Payplug and Oney account. 

 

If a User needs to create these accounts, they will be redirected to a website managed on servers not belonging to PrestaShop, by people and/or organizations over which PrestaShop has no control. 

 

Those accounts are only binding upon the User in respect of that Partner. It is the User’s responsibility to review and accept the terms of sale and/or use of any Third Party Services.

 

• Financial conditions of the PrestaShop Paylater Service

 

The PrestaShop Paylater Connector is available to download for free. 

 

Use of the PrestaShop Paylater Service will generate costs for the Users, as shown on the PrestaShop Paylater Service pricing page or presented by the Partner. 

 

All listed prices are understood to be exclusive of VAT.

 

The use of Third Party Services may generate additional fees. 

 

5. Content of PrestaShop Essentials Services: Updates and Support 

 

Subscription to any PrestaShop Essentials Service includes the following Support for each of the subscribed Services: 

 

Relevant Service	Update	Support
PrestaShop Checkout	Minor and major Connector updates and maintenance1	Included from the time the Connector is installed2
PrestaShop Metrics
PrestaShop Facebook ([email protected])
PrestaShop Paylater
PrestaShop Marketing

 

¹ NB: Please note, updates are not custom developments, personalized and tailor-made by request for the User’s Merchant Website. 

 

² NB: A Support service is provided to assist the User with any questions about the installation of a PrestaShop Service Connector. The Support service is also available in the event of any malfunctions in the Connector. It is understood that the Support provided is only technical in nature and does not cover the Third Party Services generated via the Connector or for which it plays an intermediary role with the Partner.

The following in particular are excluded from this Support service: certain services offered, such as training and, more generally, any work performed on the User’s Merchant Website.

If the User does make use of this Support, they will be bound to PrestaShop under the data outsourcing Agreement appended hereto (Appendix 1).

 

6. Financial conditions of PrestaShop Essentials Services 

 

Any PrestaShop Essentials Service not described or presented as free in these T&Cs, in the Merchant Website’s Back Office or on the PrestaShop Addons platform is, unless expressly indicated otherwise, a paid service.

 

7. Use of Third Party Services 

 

Any Third Party Service not described or presented as free in these T&Cs, in the Merchant Website’s Back Office or on the PrestaShop Addons platform is, unless expressly indicated otherwise, a paid service.

 

The User will provide the Partner with all of the information it needs to effectively process payments. 

 

If a payment is rejected for any reason whatsoever, the provision or completion of Third Party Services may be suspended in accordance with the Partner’s terms of use. 

 

 8. Cancellation of Third Party Services

 

The suspension or cancellation of a PrestaShop Essentials Service will not engender the cancellation of any Third Party Services to which the User may have subscribed with one or several Partners.  Users are hereby informed that, in the case of subscription to a Third Party Service, the conditions for cancelling that service are defined in the Partner’s terms of use.  The Third Party Service may only be cancelled through the Partner directly. 

 

For example, cancelling PrestaShop Checkout will not cancel the User’s PayPal services. Cancelling PrestaShop Metrics will not cancel the User’s Google Analytics services. Lastly, cancelling PrestaShop Facebook will not cancel the User’s Facebook services.
 

• TERMS AND CONDITIONS APPLICABLE TO RBM MODULES  

 

9. Subscription to RBM Modules 

 

In order to subscribe to, download, install and configure the RBM Modules, Users must first create a PrestaShop Account space. 

 

The subscription, configuration and use of RBM Modules may require having beforehand and/or creating an account with a Partner. Certain RBM Modules allow the User to download a Connector to add an additional feature to their Merchant Website, linked to a Third Party Service. 

 

As applicable, it is each User’s responsibility to review and accept the Partner’s terms of use. 

 

10. Financial conditions of RBM Modules 

 

The contents of the different RBM Modules are indicated in the description of each plan offered by the Partner. 

 

Payment is a prerequisite for access to the features of the RBM Modules. Users will be able to choose between various plans at different price points. All listed prices are understood to be exclusive of VAT. 

 

Payment for the subscription will be made by means of recurring payments, as per the terms communicated to the User. The first invoice for the RBM Module(s) will be issued on the day of the User’s subscription to the Service. Unless the User cancels the subscription, they will be debited for a monthly renewal in the amount corresponding to their chosen plan, on the same day of each month as the date of their subscription. 

 

As applicable, it is each User’s responsibility to review and accept the Partner’s terms of sale and/or use.

 

11. Suspension or cancellation of RBM Modules

 

In the event of cancellation of the RBM Modules, the Services will automatically be cancelled on the date of expiration of the current subscription month, and the User will have access to the Services up until the cancellation is effective. Once a subscription month begins, it will be payable in full and will not qualify for a refund. 

 

Once the cancellation takes effect, the User will no longer have access to the RBM Module(s). As applicable, the consequences of cancellation on all previously collected data and on the Services will be determined by the Partner’s terms of use.   

 

The User may reactivate the RBM Modules at any time in the future by subscribing under the same terms and conditions as described above. 

 

• TERMS AND CONDITIONS APPLICABLE TO ALL SERVICES  

 

12. User obligations and responsibilities

12.1 User obligations

Without prejudice to the other obligations set out in these T&Cs, the User agrees to use their PrestaShop Account space and the Services to which they have subscribed in a way that does not constitute disorderly conduct or offensive action. In that respect, the User will use the Services in compliance with current legislation and regulation and will refrain from any other use. 

 

12.2 User responsibilities

Users subscribe to the Services, and download, configure and use the corresponding RBM Modules and/or Connectors at their own risk. 

 

As such, the Users are bound to comply with all current legal and regulatory provisions. In particular, Users must ensure that they do not commit any (i) violation of any third party intellectual property rights, (ii) injury to a person or violation of their right to privacy, or (iii) disorderly conduct or offensive action, within the context of using the Services, the Third Party Services and the Merchant Website. 

 

Failing that, access to the Services may be temporarily suspended or terminated, as soon as PrestaShop is informed thereof, in accordance with the provisions set out in Article 18 of these T&Cs.

 

Users are also hereby informed that they are solely responsible for any failures of their Merchant Website caused by changes that they themselves made to the Solution. 

 

No Support will be provided to Users when malfunctions and failures of their Merchant Websites are due to code changes and/or additions made to the Solution by the User and/or by any service provider or other third party or Third Party Service.

 

13. Complaints and refunds 

 

Any complaints relating to Third Party Services must be communicated to the Partner in question so that they can be handled by the latter. PrestaShop provides a messaging tool for that purpose, and the Users agree to use that tool only for their interactions with Partners on the subject of User requests and complaints.

 

Complaints will be handled and resolved as per the terms and conditions defined by the Partner, and it is the Users’ responsibility to review them. 

 

Any complaints relating to a technical malfunction or a payment issue are to be submitted directly to PrestaShop. The Users are hereby informed that refunds are subject to PrestaShop’s approval and that the latter reserves the right to request proof from the User in order to determine how to respond to the refund request.

 

14. PrestaShop responsibilities 

 

In principle, PrestaShop Account and the Services are available 24/7, unless there is a scheduled or unscheduled interruption for maintenance reasons or due to a force majeure event. 

 

However, given the purpose of the Services, PrestaShop cannot guarantee the Service will be provided in an uninterrupted manner with no errors, anomalies, viruses, bugs or security breaches. PrestaShop accepts no performance obligations in terms of service levels, whether in terms of response time or resolve time. PrestaShop assumes only a best efforts obligation.  

 

The Users are hereby informed that PrestaShop shall not be held liable for any direct or indirect damage caused to a User which is the exclusive result of a Third Party Service offered by a Partner.

In any case, PrestaShop shall not be held liable for any indirect damage including, but not limited to loss of revenue or turnover, loss or theft of data, drop in traffic, loss of Customers, damage to image or reputation, etc.

 

15. Changes to the Terms and Conditions

 

These T&Cs may be amended by PrestaShop at any time, without prior notice, in order to account for upgrades to PrestaShop Account and the Services, and changes to applicable regulations. Any such changes will come into effect fifteen (15) days after they are published on the website or disclosed to Users. The new version of the T&Cs will be provided on the PrestaShop.com website.  Users are encouraged to regularly review them.  

 

16. Length of subscriptions

 

PrestaShop Account and the Services will be accessible upon a User’s acceptance of these T&Cs and will continue so long as the User utilizes them in accordance with these T&Cs.

 

17. Right of withdrawal

 

As professionals acting to further their commercial, industrial, artisanal or freelance business, Users acknowledge that they do not have a right of withdrawal, which is only enjoyed by consumers as defined by the French Consumer Code.

 

18. Suspension and cancellation 

18.1 Cancellation by a User

A User may cancel and close their PrestaShop Account space or their subscription to a Service at any time from their Back Office. They can also request the deletion of their account space by writing to PrestaShop at [email protected] 

 

Cancellation will not incur any penalties. 

 

The cancellation of a User’s PrestaShop Account space will not terminate any Third Party Services to which the User may have subscribed with a Partner.  Users are hereby informed that, in the case of subscription to a Third Party Service, the conditions for cancelling that service are defined in the Partner’s terms of use.  The Third Party Service may only be cancelled through the Partner directly. 

 

18.2 Cancellation by PrestaShop

PrestaShop reserves the right to suspend or close a User’s PrestaShop Account space or Service at any time, with no explanation or compensation.

 

As applicable, the User will be notified of this by email or via their PrestaShop Account space. This decision will take effect thirty (30) calendar days from the date of notification.

 

18.3 Suspension and/or cancellation due to a breach

PrestaShop may suspend or terminate access to a PrestaShop Account space or to one of the Services to which a User has subscribed, namely in the following situations:

• The User’s non-acceptance of new Terms and Conditions and/or new pricing conditions;
• Use of one or several of the PrestaShop Services that is unlawful or unfair or that violates current laws and regulations;
• Behaviour likely to harm PrestaShop’s image;
• Simple suspicion of payment fraud; 
• More generally, any violation of these T&Cs.

 

19. Intellectual property

 

All texts, graphics, photos, sound and videos within PrestaShop Account and the Services are the property of PrestaShop. Any full or partial depiction and/or reproduction and/or operation of the content and services offered by PrestaShop in the context of the Services or of PrestaShop websites, by any means whatsoever, without the prior written authorization of PrestaShop is strictly prohibited and could constitute an infringement as defined by Articles L335-2 et seq. of the French Intellectual Property Code.

 

The T&Cs will not confer any transfer of ownership to the other Party. Consequently, the Users undertake to refrain from infringing, in any way whatsoever, on the intellectual property rights held by PrestaShop or by the Partners in regard to the Connectors, RBM Modules and/or Third Party Services. 

 

Users are granted a basic, personal, non-exclusive user licence for downloaded Connectors, in any country in the world, and for the duration of the associated copyrights. This licence is only valid for a single Merchant Website. 

 

The Users recognize and accept that the user licence, granted when downloading a Connector for a Service or an RBM Module, is non-transferable, except: (i) in the case of collaboration between a User and a technical service provider, the User may transfer the Connector or the RBM Module and the associated user licence to that provider so that the latter can manage that Connector or RBM Module; (ii) in the case of collaboration between a technical service provider and a user, the provider may transfer the Connector or the RBM Module and the associated user licence to the User so that the latter can manage it; and (iii) in the event of a User’s sale of its Merchant Website.

 

In these exceptional cases, the Connector or RBM Module cannot be transferred unless it is accepted by the recipient. The transfer of a Connector will, if applicable, include technical Support as defined in Article 5 of these T&Cs. Once the Connector or RBM Module has been transferred, the transferring User will no longer be able to access or manage it. 

 

Under no circumstances may the User distribute, licence or make use in any way whatsoever of the Connectors or any of their related components (including but not limited to functional and technical documentation, logos, etc.) for any purpose other than their use on the Merchant Website. 

 

Users understand and accept that payment for a Connector is valid for one (1) installation and use on one (1) Merchant Website. Users who with multiple shops agree to acquire additional user licences from PrestaShop, i.e., one licence per Merchant Website, by writing to PrestaShop at the following address to request a quote: https://addons.prestashop.com/en/contact-us. 

 

Any breach of the terms of this licence could give rise to, at the discretion of PrestaShop, (i) the termination of the licence granted in these T&Cs for the disputed Connector, and/or (ii) the deletion of the PrestaShop Account space and/or (iii) the Service in question and/or (iv) PrestaShop’s option to refuse any subsequent download of any Connector from PrestaShop Account by the User in question.

 

20. Personal data 

 

Information about how we collect and process personal data is provided in our Privacy Policy.

 

For the use of Third Party Services, Users are hereby informed that they may be redirected to Partner websites. Those websites are managed on third party servers by people and/or organizations over which PrestaShop has no control.

 

As such, we cannot under any circumstances be held responsible for the way in which your Data is stored or used on those servers.

 

We recommend that Users review Partner privacy policies relating to PrestaShop in order to understand the Users’ rights and obligations and how their data will be utilized.

 

To deliver Support as defined in Article 5 of these Terms and Conditions, PrestaShop will need to process personal data in the name of and on the behalf of the User. For these purposes, each User is their own data controller, and PrestaShop is the data processor, as defined by the GDPR.

 

In Appendix 1, “Personal Data Processing Agreement for Support Services”, the Parties explain the technical and organizational measures implemented by the service provider in the name of its performance obligation.

 

21. Force majeure

The occurrence of any force majeure event as defined by French courts of law will suspend the Parties’ rights and obligations.

 

22. Applicable law and jurisdiction 

 

These Terms and Conditions are subject to French law. In the event of a dispute between the Parties regarding interpretation or enforcement of the T&Cs, attempts will be made to reach an amicable settlement. Should this fail, the Parties hereby assign jurisdiction to the Paris Commercial Court in France.

 

23. Partial invalidity

If some or all of these T&Cs should be voided for any reason whatsoever, the other provisions will retain their full effect, unless the voided clause involves an obligation that is key to the agreement. 

 

24. Independence of the Parties

 

The Parties will remain independent of one another. No stipulation contained in these T&Cs was written with the purpose or the end result of establishing any partnership, mandate, representation or subordination between the Parties.

 

25. Effective date

 

These T&Cs came into effect in January 2022.

 

---

 

 

This agreement for the processing of personal data, together with the foregoing General Terms and Conditions and the Personal Data Protection Policy, contain all the terms of use for the Support services, applicable to any User.

 

As part of that Support, the User may need to communicate personal data to PrestaShop. Pursuant to Article 4, sections 7 and 8 of the GDPR, with respect to personal data, the User is responsible for processing personal data, and the Service Provider is the subcontractor.

 

Article 1. Definition

 

For the purposes of this Agreement, wherever the following terms begin with an uppercase letter, they will be understood as having the meanings defined below.

 

• “Customer”: refers to any person who has entered into a contract with the User via their Merchant Website.
• “Personal Data” refers to any information relating to an identified or identifiable natural person (hereinafter “Person concerned”).

An “identifiable natural person” is an individual who can be identified, directly or indirectly, including by reference to an identifier, such as a name, identification number, location data, an online identifier, or to one or more specific elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Personal Data are those entrusted by the User to PrestaShop for the purpose of their Processing on behalf of the former under this agreement. These data are listed in Article 4 below.

 

• “Controller”: as defined by Article 4(7) of the GDPR. For the purposes hereof, the User is the Controller.
• “GDPR”: refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
• “Processor”: refers to the natural person, legal entity, public authority, service or other organization processing the Personal Data on behalf of the User. For the purposes hereof, PrestaShop is the Processor.
• “Processing”: refers to any operation or set of operations which is performed on Personal Data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Breach”: refers to a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

 

Article 2. Subject

 

The purpose of this amendment is to define the terms and conditions under which PrestaShop undertakes to perform the Personal Data Processing operations described below.

 

As part of their contractual relationship, the Parties undertake to comply with existing regulations governing the processing of Personal Data and, in particular, with the GDPR (as well as French Act 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended).

 

Article 3. Term of the agreement

 

This agreement will take effect upon the User's subscription to the Support services and will come to an end upon termination of the said Support.

 

Article 4. Description of outsourced processing

 

• Services rendered: PrestaShop is authorized to process on behalf of its User all Personal Data necessary to provide Support services.

 

• Types of operations performed: The Services rendered and during which PrestaShop may process the User's Personal Data are described in Article 5 of these Terms and Conditions.

 

• Purposes of Processing: Access to the Personal Data processed by the Merchant in connection with the operation of its Website is required to allow PrestaShop to meet its contractual commitments and effectively provide Support services. 

 

• Processed Personal Data and data subjects: Support services require actions by our teams performed on the Merchant Website at the request of the User. Access to the Shop’s Back Office inherently provides access to the User's Personal Data (full name, email address and telephone number).

Likewise, PrestaShop may have access to the User’s Customer data. PrestaShop may have access to the following Personal Data: Customer identification data (full name, postal address, email address and telephone number), as well as to data about any purchases made on the User's Merchant Website.

 

For the purpose of performance of the services covered by this agreement, the Controller (the User) will provide the Processor with the information required as per the latter's Personal Data Protection Policy.

 

Article 5. PrestaShop obligations

5.1. Personal Data Processing

PrestaShop undertakes to:

1. process the Personal Data solely for the purpose(s) of Processing, as defined in Article 5 and pursuant to the General Terms of Use of the Support services;

 

2. process the Personal Data in accordance with the User's documented instructions. If PrestaShop considers that an instruction violates the GDPR (EU) No. 2016/679 or any other provision of EU law or the laws of the EU Member States relative to data protection, it will immediately notify the Controller. Further, if PrestaShop is required to transfer data to a country outside the European Union, it must inform the User of that legal obligation prior to Processing, unless the law in question prohibits such notification on important grounds of public interest;

 

The User is hereby informed of the possibility of transmitting written instructions, so long as they are consistent with the Service.

 

3. guarantee the confidentiality of the Personal Data processed by virtue of this agreement. guarantee the confidentiality of Personal Data processed under the Contract. In the event that PrestaShop is legally required to disclose Personal Data to an authority, it must notify the User in advance, unless the law prevents it from doing so on grounds of public interest; 

 

4. ensure that the people authorized to process the Personal Data by virtue of this agreement:

• undertake to respect the confidentiality of the Personal Data;
• receive the necessary Personal Data protection training;
• only process Personal Data for the aforementioned Processing purposes.

 

5. incorporate the principles of data protection by design and data protection by default into its tools, products, applications and services.

 

5.2 Subsequent Processing

 

The User authorizes PrestaShop to use subcontractors (hereinafter the “subsequent processor”) to carry out specific processing activities.

 

The User is hereby informed that PrestaShop already uses the processors listed below for its Support services.

For the management and provision of Support to Users, PrestaShop uses software from Zendesk Inc., 1019 Market Street, San Bruno, CA 94103, USA. A data processing agreement between PrestaShop and this Subsequent Processor provides a level of protection and security fully consistent with applicable personal data protection legislation. As required by applicable legislation on the subject, the transfer of Personal Data outside the European Union is also safeguarded by standard contractual clauses.

 

For the PrestaShop Checkout Service, PrestaShop uses the company Active Contact, 2 rue de Guinée, 1002 Tunis, Tunisia, to provide first-line support for Users. A data processing agreement between PrestaShop and this Subsequent Processor provides a level of protection and security fully consistent with applicable personal data protection legislation. As required by applicable legislation on the subject, the transfer of Personal Data outside the European Union is also safeguarded by standard contractual clauses.

 

For the PrestaShop Metrics Service and the RBM Modules, PrestaShop uses the company Chargebee Inc., 340 S Lemon Ave #1537, Walnut, CA, 91789, USA. A data processing agreement between PrestaShop and this Subsequent Processor provides a level of protection and security fully consistent with applicable personal data protection legislation. As required by applicable legislation on the subject, the transfer of Personal Data outside the European Union is also safeguarded by standard contractual clauses.

 

PrestaShop also uses Jira, software published by Atlassian, 341 George Street, Sydney, NSW 2000, Australia, to provide the ticketing system used to transmit User requests to the Support teams. That software is hosted internally on PrestaShop’s Google server in the Netherlands, which provides a level of protection that is sufficient and adequate in regard to personal data protection legislation.

 

In the event of subsequent Processing, PrestaShop will inform the User of any changes involving the addition or replacement of other processors, at least one (1) month prior to the change, so as to give the User the chance to share any objections to the said changes.

 

On hiring another subcontractor, PrestaShop undertakes to ensure that the same obligations are imposed upon this subcontractor as those set out in the present Contract regarding Personal Data protection and to ensure that this subcontractor meets the requirements of the above-mentioned regulation.

 

5.3 Data subjects

 

Persons’ rights concerning information. The User is responsible for communicating information about Personal Data Processing to its concerned Customers at the time of collection of the said data.

 

Persons’ exercise of their rights. As far as possible, PrestaShop will help the User fulfil its obligation of handling requests from its Customers to exercise their rights to access, rectify or remove their Personal Data, to object to or restrict the Processing thereof, to data portability and to not be the subject of an automated decision (including profiling).

 

The services are set up so that the User can respond to its Customers' requests.

 

5.4 Notification of Personal Data Breaches

 

PrestaShop will notify the User by email of any Personal Data Breach within seventy-two (72) hours of having become aware of it. This notification will be accompanied by all useful information to enable the User to notify the competent data protection authority of the Breach, if necessary.

 

PrestaShop will provide the following information, where such is available:

• the nature of the incident;
• the date and time of detection of the incident;
• the affected Personal Data;
• any measures taken directly to limit any additional damage;
• the date and time when the incident came to an end;
• any structural prevention measures going forward.

 

5.5 Assistance

 

PrestaShop undertakes to help the User, to the extent possible, fulfil its obligations in respect to the aforementioned Processing as per the conduct of any impact assessments, for the purpose of notification of a data Breach and for the exercise of Customer rights.

 

5.6 Fate of Personal Data

 

At the end of the Support services relating to Personal Data Processing, PrestaShop undertakes to return all Personal Data to the User or to the subcontractor assigned by the latter.

 

This return will include all existing copies in PrestaShop's information system as well as a written guarantee to the User of the destruction of Data, unless applicable legislation prohibits it from destroying Personal Data for a given period of time. In this case, PrestaShop undertakes to uphold the confidentiality of the Personal Data and to archive it in order, in particular, to retain it as proof.

 

5.6 Documentation

 

PrestaShop declares that it will keep a written register of all categories of Processing activities performed on behalf of the User.

 

PrestaShop will provide the necessary documentation to the Controller to demonstrate compliance with all its obligations and to enable the User to conduct audits.

 

Article 6. User obligations

 

The User undertakes to:

1. document all of its instructions in writing concerning Personal Data Processing by PrestaShop, if specific instructions should be necessary;
2. supervise the Processing, including the performance of audits and inspections of PrestaShop's services;
3. report any Personal Data Breach which entails a legal obligation to notify the competent supervisory authority. 

 

Article 7. Security Measures 

 

PrestaShop undertakes to implement technical and organizational measures intended to protect the security and confidentiality of the Personal Data against any unauthorized access, alteration, use, modification or disclosure during the performance of the Support services.

 

To that end, PrestaShop's Support staff are subject to an obligation of confidentiality. 

 

Given the state of the art, the cost of implementation and the nature, scope, context and purposes of the Processing, the Parties undertake to implement all appropriate technical and organizational measures to provide a level of security which is commensurate with the risk.

 

The User is responsible for the Shop's security at all times. 

 

Article 8. Liabilities

The Parties acknowledge that they share responsibilities to the Customers, pursuant to Article 82 of the GDPR.

 

The User acknowledges that PrestaShop shall only be held liable for any damage caused by the Processing if the latter has failed to satisfy the obligations specific to processors under the GDPR.