PRIVACY POLICY OF PRESTASHOP.COM
June 2025
It is normal to place special emphasis on how your data is obtained, used and shared.
That is why this personal data protection policy (the “Policy”) has been created to help you understand the practices and conditions in which PrestaShop SA – a public limited company entered the Paris company and trade register under no. 497 916 635 (“PrestaShop”) gathers, uses and stores your personal data (the “Data”).
In this document you will find the various Data that we may collect and process or that you may provide to us when you access to the official PrestaShop website (the “Website”) or to the PrestaShop forum (the “Forum”), when you join the PrestaShop Experts Program via this website,
The abovementioned URLs are collectively referred to as the “Websites”.
Use of all the Websites is subject to this Policy.
It does not apply to information collected by any third party or through websites managed by the latter, including via applications and content (including advertisements) redirecting users to the Website.
Please read the Policy carefully to clearly understand our practices regarding the processing of your Data. Please be aware that you must agree to this Policy in order to view and/or use our Websites.
You may choose not to provide us with some of your Data. If you do so, the service we offer you may be affected.
If you do not agree, please do not use our Websites.
ARTICLE 1 – DATA CONTROLLER
PrestaShop, acting as a data controller, within the meaning of the General Data Protection Regulation 2016/679 dated 27 April 2016 (“GDPR) and the amended “Informatique et Libertés” law of 6 January 1978 attaches great importance to the principle of personal data protection.
ARTICLE 2 – COLLECTED DATA
2.1 Personal Data
Depending on the nature and purpose of your interaction with PrestaShop (downloading the solution, creating a user account on the Forum, subscribing to one or more of the Newsletters, filling in the contact forms, as well as during possible telephone exchanges) we are likely to collect the following Data :
- Data relating to your identity (such as your name, first name, user category, e-mail address…) may be requested ;
- Data relating to navigation: this is Data relating to the way in which you use the Websites including : IP address, the browser used, the duration of navigation, the search history, the operating system used, the language and the pages viewed ;
- Data relating to the use of social networks when you use their features ;
- Business and financial data such as turnover achieved ;
- Telephone conversations
2.2. Non-personal data
You acknowledge and agree that the information intended for publication in the Forum that you provide (the “Contributions”) as well as your user name are public, any other user of the Forum may have access to it, even after unsubscribing or deleting your account. Consequently, the Contributions and the answers to them will not be subject to deletion.
In addition, you acknowledge that the following elements do not constitute personal data, and may not be subject to a request for modification or deletion :
- Any data relating to a company, including but not limited to: a company telephone number, a company email address, a registered trademark, a company name, a link to a company web page or a company social network profile ;
- Any technical or computer data, including but not limited to: the code and components of a module distributed under an open source license, computer formulas ;
- Users’ contributions, provided that they are not identifiable, including but not limited to: the content of replies sent to other users on the Forum, messages opening a topic on the Forum.
ARTICLE 3 – COLLECTION PROCESS
Data can be collected in several ways on the Websites.
It may be collected directly when you communicate with us through user account creation and Newsletter subscription forms available on our Websites, when you download the solution and documentation available on the Websites, when you book training courses and when you notify us of illicit content.
Furthermore, we are likely to collect your Data when you use the various contact forms on the Websites and/or communicate with PrestaShop by telephone or email.
When you contact us via these various means, a copy of your conversation with PrestaShop, including email addresses, is created and archived.
You may also submit Contributions to us on our Websites for free access, or to other users or third parties. Your Contributions to the Websites are posted at your own risk. PrestaShop cannot control the actions of other users of the Websites with whom you share your Contributions. Thus, we cannot guarantee that your Data will not be viewed by unauthorized users. Requests to remove Contributions posted on the Websites should be sent to [email protected]. In some cases, Contributions may not be deleted. In such cases, you will be informed of the reason for the refusal.
PrestaShop also indirectly collects your Data through cookies and tracers. We invite you to read our Cookie Policy provided in Annex 1, which is designed to help you better understand these technologies and how we use them on our Websites and in our services, applications and tools.
ARTICLE 4 – PURPOSES AND LEGAL BASIS
ARTICLE 5 – RECIPIENTS
5.1 PrestaShop collaborators and our parent company
Your Data may be processed by the PrestaShop employees as well as those of our parent company.
In addition, your Data may also be shared with our parent company to support the management of our operations, improve our products and services, ensure compliance with legal or regulatory obligations, and facilitate corporate governance. This sharing is carried out in accordance with applicable data protection laws and under appropriate safeguards to ensure the confidentiality and security of your Data.
5.2 Third parties
Furthermore, as part of our activity, and for external processing purposes, your Data may be communicated to subcontractors, service providers, or other third parties. The latter is obliged, by a Data subcontracting contract, to respect the confidentiality of the Data and to use it only for the purposes for which we transmit it to them. In addition, transfers of Data outside the European Union are subject to the signing of standard contractual clauses with them. A list of the relevant recipients is provided in Appendix 1.
Furthermore, regarding partner agencies:
- Your Data will also be shared with the partner agency you have chosen to contact by completing the contact form on the page dedicated to that agency on the Website.
- Additionally, for members of the Experts Program Agency, your Data may be shared with our official partners, always in compliance with applicable data protection laws and under conditions that ensure its confidentiality and security.
5.3 Disclosure in case of transfer
Your Data may also be sent to any buyer or successor in the event of the merger, transfer, restructuring, reorganization, dissolution or other sale or transfer of some or all of PrestaShop’s assets due to uncertainties, bankruptcy, liquidation or other processes in which the Data of Users of PrestaShop’s various websites are listed among the transferred assets.
5.4 Legal disclosure
Lastly, we may also disclose your Data :
- To comply with legal mandates, laws and legal procedures, including governmental and regulatory requests,
- If we deem that disclosure is required or appropriate within the scope of protecting the rights, ownership or security of PrestaShop, our clients and other stakeholders. This disclosure includes exchanging information with other companies and organizations for the purpose of protecting against fraud and counterfeiting.
ARTICLE 6 – DATA TRANSFERS
In accordance with Article 5 above, Data may be transferred to our Partners and/or Subcontractors located outside the European Union. In such cases, PrestaShop takes all necessary measures to ensure the security of Data transferred outside the EU.
By using the Sites, you therefore consent to your Data being transferred to these servers.
ARTICLE 7 – Period for which the personal data will be stored
PrestaShop only stores your Data for the period necessary for the purposes explained in Article 4.
This storage period varies according to the Data in question, as it may be affected by the nature and purpose of the collection. Similarly, certain legal obligations stipulate a specific storage period.
When you contact PrestaShop through the various contact forms, telephone numbers, your Data will be kept for three (3) years from the last exchange with PrestaShop and then deleted.
Telephone Recording Data for service improvement and training purposes is retained for one (1) year from the time of recording.
If you contact us to become a partner agency or a partner, your Data will be kept for the duration of the contract and for five (5) years from the end of the contractual relationship. Otherwise, it will be kept for three (3) years.
When you use the contact form to contact an agency, your Data will be kept for six (6) months and then archived for five (5) years as evidence of our contractual relationship with the agency. It will then be deleted.
When you comment on an agency, your Data will be retained for eighteen (18) months.
In the context of the Forum :
- Your Login Data will be retained for one (1) year from each login.
- Your User Account Information is retained for the duration of your registration and for two (2) years after you close your account.
When you wish to download one of our guides, and you have accepted or subscribed to our Websites’ Newsletters, your Data will be retained until you unsubscribe from them. If you have not agreed to receive our Newsletters in this form, your Data will be kept for two (2) years.
When you report illegal content to PrestaShop, the length of time we retain Data may vary depending on the infringement and the statute of limitations applicable to the infringement.
When you wish to promote your shop on our Websites, your Data will be kept for the duration of the promotion of your Websites, at this address /examples. It will be deleted at your request.
Where you exercise your rights under Article 9 of this Policy, your Data will be stored for a period of five (5) years and then deleted.
Finally, with respect to Data collected by means of cookies or tracers, it will be retained for the period indicated in the PrestaShop.com Cookie Policy below (annex 2).
ARTICLE 8 – Rights
8.1 Rights to your Data
In accordance with the provisions of the applicable regulations on the protection of personal data, in particular the European Regulation 2016/679 on Data Protection (hereinafter the “RGPD”) as well as the amended “Informatique et Libertés” law of 6 January 1978, we undertake to guarantee the exercise of your rights.
Regardless of the purpose or legal basis of the processing, you have :
- A right of access to the Data we hold about you,
- A right to rectify your Data that we already hold,
- A right to have your Data deleted,
- A right to limit the processing of your Data,
- A right to set out instructions on what to do with your Data in the event of your death.
If you have given us your consent to process your Data, you also have the right to withdraw that consent at any time. However, the withdrawal of consent does not render unlawful any processing already carried out on that legal basis.
If you have given us your consent to process your Data or the processing is based on contractual commitment, you have a right to the portability of your Data provided.
Finally, if the processing is based on the legitimate interest of PrestaShop, you have a right to object on legitimate grounds in accordance with Article 21 of the GDPR ; where the data is processed for the purpose of canvassing, you will not be required to provide grounds.
8.2 Exercising these rights
You may exercise these rights by sending an email in English, French or Spanish to [email protected] or to the following address :
PrestaShop S.A – LegalComplaints Department
Personal Data
82 Av. du Maine, 75014 Paris198, avenue de France – 75013 Paris
We have a period of one month to respond to any request relating to the exercise of your rights from the date of receipt of the request. This period may be extended by two months, due to the complexity or excessive number of requests.
In accordance with Article 12.6 of the RGPD, to exercise these rights, PrestaShop, as the data controller, reserves the right to ask you to prove your identity. We inform you that the data allowing us to justify your identity will be deleted once we have answered your request.
Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), notably on its website www.cnil.fr.
8.2 Exercising these rights
You may exercise these rights by sending an email in English, French or Spanish to [email protected] or to the following address :
PrestaShop S.A – Legal Department
82 Av. du Maine, 75014 Paris
We have a period of one month to respond to any request relating to the exercise of your rights from the date of receipt of the request. This period may be extended by two months, due to the complexity or excessive number of requests.
In accordance with Article 12.6 of the RGPD, to exercise these rights, PrestaShop, as the data controller, reserves the right to ask you to prove your identity. We inform you that the data allowing us to justify your identity will be deleted once we have answered your request.
Finally, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), notably on its website www.cnil.fr.
ARTICLE 9 – Security of Data
Your Data is stored on secure servers protected by firewalls and antivirus software.
We have implemented technical and organizational measures intended to protect the security and confidentiality of your Data against any accidental loss and any unauthorized access, use, modification or disclosure.
Given the inherent characteristics of the internet, we cannot guarantee the optimal security of information exchanged over this network.
We strive to protect your Data, but cannot guarantee the absolute security of information sent to the Website. You agree that you provide your Data at your own risk.
We cannot be held liable for any failure to comply with privacy settings and security measures implemented on our Websites.
As such, you agree that the security of your information is equally your responsibility. For instance, you are responsible for keeping your user account password confidential.
Never provide it to any third parties. Similarly, be careful when you share information in the public sections of the Websites as they can be viewed by all Websites users.
The Websites may contain links to various social network platforms managed on third party servers by people and organizations over which PrestaShop has no control.
As such, we cannot under any circumstances be held liable for the way in which your Data is stored or used on those third party servers.
We recommend that you read the applicable policy regarding personal Data protection for each third party Websites you access via our Websites in order to understand how your Data will be used.
Article 10 – Revision of the Policy
Given the constant evolution of laws and regulations regarding technology and the protection of personal data, it is likely that this Policy will be updated.
If you are a user of the Websites, you will be notified of any major changes by email.
If any provision of this Policy is found to be invalid or unlawful, it shall be deemed unwritten and shall not affect the validity of the remaining provisions of the Policy.
ANNEX 1
OUR SUB-PROCESSORS
The following Sub-processors may process your Data:
ANNEX 2
COOKIE POLICY
This cookie policy is intended to help you better understand these technologies and how we use them when you visit or use our websites.
What is a cookie?
Cookies are small text files (usually made up of letters and numbers) stored in your browser or device memory when you visit a website or view a message.
They allow a website to recognize your browser or device. Like most websites, PrestaShop uses technologies—primarily in the form of small data files stored on your device—that enable us to record certain information when you visit or use our Site.
There are several types of cookies:
- Session cookies: These expire when you close your browser and allow us to link your actions during that particular session.
- Persistent cookies: These are stored on your device between browsing sessions and allow us to remember your preferences or actions across multiple sites.
- First-party cookies: These are set by the website you’re visiting.
- Third-party cookies: These are set by a site other than the one you’re visiting.
| Cookie Provider | Cookie Name | Purpose of Cookie | Lifespan |
|---|---|---|---|
| Axeptio | axeptio_cookies | Manages user consent on our websites. | 1 year |
| axeptio_all_vendors | Manages user consent on our websites. | 1 year | |
| axeptio_authorized_vendors | Manages user consent on our websites. | 1 year | |
| Cloudflare | __cf_bm | Required for bot protection. | 30 minutes |
| Google Analytics | _ga | Allows delivery of our ads on the Google network. | 13 months |
| _gat_UA-nnn | Assigns an ID to each visitor to distinguish them. | Browser session | |
| _gid | Allows delivery of our ads on the Google network. | 24 hours | |
| Contentsquare | _cs_id | Contains an anonymous user ID for ContentSquare. | 13 months |
| _cs_s | Contains pageview count in the current session for ContentSquare. | 30 minutes | |
| _cs_mk | Used for integration with Google Analytics. | 30 minutes | |
| _cs_vars | Used by ContentSquare to create analysis variables. | Browser session | |
| _cs_c | Stores user consent for data collection. | 13 months | |
| _cs_same_site | Identifies the user via a unique ID. | Browser session | |
| Impact | IR_PI | Partnership management. | 720 days |
| IR_17612 | Partnership management. | Browser session | |
| IR_gbd | Partnership management. | Browser session | |
| Segment | analytics.js | Tracks user interactions with the page. | 1 year |
| AB Tasty | ABTasty | A/B testing data. | 13 months |
| ABTastySession | A/B testing user session. | Browser session | |
| ABTastyDomainTest | A/B testing data. | A few minutes | |
| Hubspot | hubspotutk | Enables visitor authentication. | 13 months |
| __hstc | Used for timestamping. | 12 months | |
| __hssc | Tracks sessions; determines if session/timestamp data should be incremented. | 30 minutes | |
| __hssrc | Determines if the visitor has restarted their browser. | End of session | |
| Zendesk | __zlcmid | Enables live chat; keeps chat session across pages or return visits. | 12 months |
| _fbp | Encrypted Facebook ID and browser ID. | 3 months | |
| bscookie | Tracks usage of embedded services. | 12 hours | |
| lang | Stores custom variables such as language. | Browser session | |
| lissc | Tracks usage of embedded services. | 12 months | |
| lidc | Tracks usage of embedded services. | 24 hours | |
| UserMatchHistory | Enables LinkedIn to deliver targeted ads. | 2 months | |
| personalization_id | Identifies visitors from Twitter. | 13 months |
How to manage cookie storage and access
Some features on our sites, services, applications, and tools are only available through these cookies or tracking technologies.
However, refusing the use of these technologies may result in certain features of our services becoming unavailable.
To manage cookies in your browser, please refer to the links below:
- Google Chrome
- Mozilla Firefox
- Microsoft Edge
- Opera
- Internet Explorer
- Apple Safari