Privacy Policy

1. Who We Are

GPSR Compliance Pro is a PrestaShop module designed to help online merchants comply with the EU General Product Safety Regulation (EU) 2023/988. The module is developed and sold exclusively through the PrestaShop Addons marketplace.

This Privacy Policy explains how we collect, use, and protect information when you visit our website at gpsrprestashop.com (the “Website”). It does not cover the PrestaShop Addons marketplace, which has its own privacy policy, nor does it cover how merchants use our module within their own stores.

2. What Data We Collect

We are committed to collecting only the minimum data necessary to operate and improve our Website. Below is a complete overview of the information we process.

2.1 Website Analytics

We use Google Analytics 4 (GA4) to understand how visitors interact with our Website. This includes anonymized data such as:

• Pages visited and time spent on each page
• Referral source (how you arrived at our Website)
• General geographic region (country or city level, never precise location)
• Device type, browser, and operating system
• Interactions with site elements (clicks, scrolls)

IP addresses are anonymized before any processing or storage takes place. We do not use Google Analytics to identify individual visitors, and we have disabled all advertising and data-sharing features within GA4.

2.2 Cookie Consent Preferences

We use Usercentrics as our Consent Management Platform (CMP) to manage your cookie preferences. Usercentrics stores a record of the consent choices you make, including:

• Whether you have accepted or declined specific cookie categories
• The date and time of your consent decision
• A unique, anonymous consent identifier

2.3 What We Do Not Collect

It is important to note what this Website does not collect:

• No account creation — This Website does not offer user accounts, login, or registration.
• No contact forms — We do not operate contact forms that collect personal data on this Website. You may reach us directly via email.
• No payment processing — All purchases of the GPSR Compliance Pro module are handled entirely by the PrestaShop Addons marketplace. We never process or store payment information.
• No personal data via the module — The GPSR Compliance Pro module itself does not transmit any data to us. All product data, manufacturer information, and responsible person details entered by merchants are stored exclusively in the merchant’s own PrestaShop database and remain entirely under the merchant’s control.

3. Cookies

Our Website uses cookies to provide essential functionality and to analyze site usage with your consent. For a detailed breakdown of every cookie we use, including their names, purposes, durations, and providers, please see our separate Cookie Policy.

In summary, we use the following categories of cookies:

• Strictly necessary cookies — Required for the Website to function and for the consent banner to work. These cannot be disabled.
• Analytics cookies — Used by Google Analytics 4 to collect anonymized usage data. These are only set if you give your consent.

You can manage or withdraw your cookie consent at any time by clicking the cookie settings link in the footer of any page, or by interacting with the Usercentrics consent banner.

4. Google Analytics

We use Google Analytics 4 (measurement ID: G-1LTFLXW7PX) to analyze website traffic and improve our content. Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”).

Key details about our Google Analytics implementation:

• IP anonymization is enabled. Google Analytics 4 does not log or store full IP addresses.
• No advertising features are enabled. We do not use Google Signals, remarketing, or demographics reporting.
• Data processing is governed by Google’s privacy terms. Google may process data on servers located outside the European Economic Area. Google has committed to adequate safeguards under applicable data transfer mechanisms.
• Analytics cookies are only placed after you have given consent through our Usercentrics consent banner.

For more information on how Google handles data, please review Google’s Privacy Policy and Google Analytics’ data practices.

You may opt out of Google Analytics tracking at any time by withdrawing your consent through the cookie banner or by installing the Google Analytics Opt-out Browser Add-on.

5. Usercentrics Consent Management Platform

We use Usercentrics to manage cookie consent on our Website in accordance with the EU ePrivacy Directive and the General Data Protection Regulation (GDPR). Usercentrics is provided by Usercentrics GmbH, based in Munich, Germany.

Usercentrics enables us to:

• Present you with a clear overview of the cookies and tracking technologies used on our Website
• Obtain and record your consent before non-essential cookies are placed
• Allow you to change or withdraw your consent at any time

When you interact with the Usercentrics consent banner, a cookie is stored on your device to remember your preferences. This cookie is classified as strictly necessary and does not require your consent.

For more information, please review the Usercentrics Privacy Policy.

6. Third-Party Services

We rely on a limited number of third-party services to operate and distribute our product. Below is a summary of each:

6.1 PrestaShop Addons Marketplace

The GPSR Compliance Pro module is sold and distributed through the PrestaShop Addons marketplace. When you purchase or download our module, the transaction is handled entirely by PrestaShop SA. We do not receive or process your payment details. Please review PrestaShop Addons’ Terms and Conditions for information on how they handle your data.

6.2 Google Analytics

Web analytics service provided by Google Ireland Limited. See Section 4 for full details.

6.3 Usercentrics

Consent management service provided by Usercentrics GmbH. See Section 5 for full details.

7. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process data on the following legal bases:

• Consent (Art. 6(1)(a) GDPR) — For analytics cookies and any non-essential tracking. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate interest (Art. 6(1)(f) GDPR) — For strictly necessary cookies that are required to operate the Website and deliver the content you have requested.

8. Data Retention

We retain data only for as long as it is necessary for the purposes described in this policy:

• Google Analytics data is retained according to Google’s default retention settings (14 months for user-level data, 2 months for event-level data). We do not extend these periods.
• Usercentrics consent records are retained for the duration required to demonstrate compliance with consent requirements under the GDPR and the ePrivacy Directive.
• Cookies expire according to the durations specified in our Cookie Policy.

9. Data Transfers

Some of the third-party services we use may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place:

• Google (Analytics) — Google has implemented Standard Contractual Clauses (SCCs) and additional technical measures to protect data transferred outside the EEA.
• Usercentrics — Data is primarily processed within the EU/EEA.

10. Your Rights Under the GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

1. Right of access — You have the right to request a copy of the personal data we hold about you.
2. Right to rectification — You have the right to request correction of any inaccurate personal data we hold about you.
3. Right to erasure — You have the right to request that we delete your personal data, subject to legal obligations that may require us to retain it.
4. Right to restriction of processing — You have the right to request that we limit how we use your personal data.
5. Right to data portability — You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format.
6. Right to object — You have the right to object to the processing of your personal data where we rely on legitimate interest as a legal basis.
7. Right to withdraw consent — Where processing is based on your consent, you may withdraw it at any time. For cookies, you can do this through the Usercentrics consent banner.

To exercise any of these rights, please contact us at contact@gpsrprestashop.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority in your EU member state if you believe your data protection rights have been violated.

11. Children’s Privacy

Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at contact@gpsrprestashop.com so that we can take appropriate steps to remove the information.

12. Security

We take reasonable technical and organizational measures to protect the limited data we process against unauthorized access, alteration, disclosure, or destruction. Our Website is served over HTTPS to ensure data transmitted between your browser and our servers is encrypted in transit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page.

We encourage you to review this page periodically to stay informed about how we protect your privacy. Continued use of the Website after changes are published constitutes your acknowledgment of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

We aim to respond to all inquiries within 30 days.