Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
PrestaShop is a French open source e commerce platform used by SMEs and large brands across Europe. It runs PHP and MySQL, with cloud and self hosted options.
PrestaShop is an open source PHP and MySQL e commerce platform developed by PrestaShop SA, a French company based in Paris. It powers over 250,000 online stores in Europe, with a strong presence in France, Spain, Italy and Poland. It can be self hosted on any LAMP stack or run on the official PrestaShop Cloud (AWS EU).
By default PrestaShop sets the PrestaShop-* first party cookies for the session and the shopping cart, plus a CSRF token. These cookies are strictly necessary. Additional cookies are added when marketing or analytics modules are enabled.
Order and account data are processed under Article 6(1)(b) GDPR. Marketing modules, advertising tags and analytics require valid consent under Article 5(3) ePrivacy and Article 6(1)(a) GDPR.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
You do not need consent for the strictly necessary checkout cookies. PrestaShop ships an official GDPR module that helps with data subject requests. Marketing, analytics and advertising modules must be gated behind a consent management platform.
If you self host in the EU there is no transfer. PrestaShop Cloud uses AWS EU. Third party modules (Mailchimp, Klaviyo, Hubspot, Google Tag Manager) may introduce US transfers that require SCCs and a transfer impact assessment.
Host PrestaShop on EU infrastructure, enable the official GDPR module, integrate a CMP (Axeptio, Cookiebot, Klaro), block marketing modules before consent, document each third party module and its sub processors, and audit the cookie inventory monthly.
Websites using PrestaShop must obtain user consent under GDPR regulations.
DPIA considerations
The platform itself rarely triggers a DPIA. A DPIA can be needed for advanced modules (advertising, customer segmentation, loyalty profiling) and for third party integrations such as US payment or marketing tools.
Sample consent text
Our online store runs on PrestaShop, an open source platform developed by PrestaShop SA in France. Order and account data are processed to fulfil your purchase. Marketing and analytics cookies are activated only with your prior consent.
Third-party domains contacted
prestashop.comaddons.prestashop.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| PrestaShop-{hash} | first_party | 20 days | Session and cart identifier (strictly necessary). |
| checksum | first_party | Session | Verifies the integrity of the visitor session. |
PrestaShop uses cookies for user preferences — inform visitors with a consent banner.
PrestaShop sets first party cookies starting with PrestaShop- for the session and cart, plus a CSRF token. These are strictly necessary. Marketing and analytics modules add their own cookies.
Not for the strictly necessary cookies. Yes for analytics, advertising and marketing modules.
Article 6(1)(b) GDPR for orders, Article 6(1)(a) GDPR and Article 5(3) ePrivacy for marketing and analytics modules.
No when self hosted in the EU. Yes if you enable third party modules like Mailchimp, Klaviyo or Google Tag Manager that route data through US infrastructure.
Usually limited. Run a DPIA when you enable behavioural profiling, loyalty scoring or advanced analytics modules.
Host PrestaShop in the EU, enable the official GDPR module, integrate a CMP, disable marketing modules until consent is given and audit your installed modules.
Magento (Adobe Commerce), WooCommerce, Shopify, BigCommerce, Sylius. EU based and self hosted options minimise transfer issues.
Run a scanner on staging and production each release, separate strictly necessary cookies from consent based ones and document the third party modules in your policy.