Terms and Conditions

Version: Apr 22, 2022

Introduction

During your use of the website https://mention.com/fr/ (hereafter referred to as the “Website”), we may require you to provide us with personal data about yourself, in order for you to be able to use our services. 

The purpose of this privacy statement is to tell you more about how we process your personal data.

Who is the Data Controller?

Depending on the situation and the type of data involved, Mention (also referred to as “we”, “us” or “our”), RCS Paris no. 790 841 266, situated at the following address: 16, Passage Jouffroy, 75009 Paris, France, may act as a data controller or a data processor.

Mention acts as a data controller when we are:

• Collecting information from you to set up and administer your Hootsuite account (for example, Account information such as your name and email address);
• Monitoring usage information on our website;
• Managing your contact and other related information to send marketing, Services, and other communications to you;
• Responding to a support or general inquiry; and
• Recruiting individuals for job opportunities.

Legal Bases for Processing when Mention is Controller

The legal bases for processing information about you include:

• Your consent (for example, when you have provided your information to sign up for an account or for a webinar; or you have provided your employment history when applying for a job). Where we rely on your consent to process personal data, you have the right to withdraw your consent at any time.
• It is necessary to perform a contract (for example, we may need your information to fulfil our obligations of providing Services to you under the terms relevant to the Services you have acquired).
• Legitimate interest (for example, to provide, maintain and improve the Services for you, to maintain the security of the Services, and to attract new customers to maintain demand for the Services, all of which are described in the “Why do we process your personal data” section of this document).
• In some cases, we may have a legal obligation to process your personal data to comply with relevant laws (for example, processing payroll and tax information to comply with relevant employment and tax legislation); or processing is necessary to protect your vital interests or those of another person (for example, obtaining health-related information during a medical emergency).

Mention as a Data Processor

Where you are using our Services and making decisions about the personal data that is being processed in the Services (including managing your alert queries, selecting the Social Network accounts and data sources you wish to connect to the Services, staging + scheduling content, or exporting collected mentions or reports for the purposes of further processing), you are acting as a data controller and Mention is acting as a data processor.

There are certain obligations under the GDPR that you have as a data controller, including being responsible for managing Content on the Services. As a data processor, Mention will only access and process Content to provide you with the Services in accordance with your instructions (which you provide through the Services), the Terms of Service, the Social Networks’ terms, and applicable laws. As part of delivering the Services, we may process Content to further improve the Services, such as enhancing usability and developing new features.

If you, as a data controller, require Mention to agree to data protection requirements under Article 28, GDPR, or under UK data protection laws, Mention makes available a data processing addendum that meets these requirements. Please email your customer details (organisation name and plan information) with your request to our data protection officer at gdpr@mention.com.

If you are using the Services as an authorised user of a Mention client (whether that client is your employer, another organisation, or an individual), that client determines its own policies (if any) regarding storage, access, modification, deletion, sharing, and retention of personal data and Content, which may apply to your use of the Services. Please check with that client about the policies and settings it has in place.

Your GDPR Rights when Mention is a Data Controller

Under GDPR, Mention is obliged to provide you with the following rights:

• The right to be informed about how your personal data is collected and used
• You have an unconditional right to object to processing for the purposes of direct marketing. You also have the right to object to processing your personal data, however Mention may continue to process your data on legitimate grounds or to defend our rights before the court.
• If you have supplied us with your personal data and the processing of your personal data is based on the performance of a contract with you or pre-contractual measures undertaken at your request, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format in order to be able to forward this to another service provider if this is technically possible and can be performed by automated means.
• At any time, you can submit a complaint to the supervisory authority if you feel that our processing is being performed in violation of the applicable data protection law. Please note that you are still cordially invited to contact us in such a case.
• You have the right to restrict the processing of your personal data in certain cases defined in Article 18 of the GDPR.
• You have the right to demand that your personal data be deleted and to prohibit any future collection
• Right of rectification: you have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time.
• Under Article 15 of GDPR, you have the right to request a copy of your personal data which are processed by Mention in the situation that it is acting as data controller, as well as any other relevant information, such as a list of controllers your data may have been transferred to when Mention behaves as a data processor.

CCPA Rights

If you are a consumer as defined in the California Consumer Privacy Act (CCPA), the following provisions apply to you. Definitions of terms are set out in the CCPA.

Under the CCPA, you may have the following specific rights:

• The right to know about the personal information collected about you, which we have set out in our Privacy Policy under “what personal data do we process.”
• The right to have your personal information erased
• The right not to be discriminated against for exercising consumer rights under the CCPA.

You may exercise your rights by emailing us at dpo@mention.com. If your organisation requires a CCPA addendum, please email us your customer details (organisation name and plan information) with your request.

While we disclose personal information to service providers for the purpose of managing our relationship with you (e.g. distributing marketing communications) and providing the Services, we do not sell your personal information.

How do we process personal data?

In this section, you can learn more about the personal data we process and why, the manner in which it is collected, the processing activities involved, the persons with whom we share the data, including information concerning the transfer of personal data outside the EU/EEA and the length of time for which we store your data.

2.1. What personal data do we process?

Personal data is defined as any data which makes it possible to identify an individual. The types of personal data we process are the following:

• Your name and contact details, such as your email address, telephone number, location, job title and information about the company you represent and any agreements you have made with us, either in your own name or on behalf of your company;
• Your account details, including the username / user ID, the password in encrypted form, information about unique identifiers such as API tokens, the profile photo, the biography and information concerning other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) which you have linked to your user account;
• Personal and professional preferences including interests, subscriptions and language settings;
• Information about the browser, for example the browser type and version, any website from which you have been referred, the time zone from which you are visiting us; the pages you have visited on our Website; your IP address and an approximate estimate of your location based on your IP address; information concerning your activity on the web or your interaction in the emails we send you; information about your use of our services.
• Transaction-related data (including bank details and data related to your bank card and invoices, etc.)

2.2. Why do we process your personal data?

In this subsection, we describe when and why we process your personal data. Your data is processed for one or several end purposes. Each end purpose is associated with a legal basis and its corresponding data retention period. Please see the list below. Under no circumstances will your personal data be used in any manner which is incompatible with the end purposes for which it was collected.

End purpose	Legal basis	Data retention period
The provision of our services available on our Website (access to our various functions and features, the creation and administration of your account, the processing of your contact details for the making or finalisation of any agreement with you or your company, the billing of professional assistance services and training services).	The implementation of the contract we have signed with you or your company.	Once you have created an account on our Website, your data will be stored for the lifetime of your account plus an additional period of 3 years from the date your account is deleted. Your data may nevertheless be archived for evidential purposes for a period of 5 years. Concerning your bankcard data, this is stored by our payment services provider for the lifetime of your account. Data concerning the card security code or CVV2, shown on your bank card is not stored.
Compilation of invoices	Legal and accountancy-related obligations	Stored for a period of 10 years.
Improvements to our services (generating statistics and analysing how you use our services, doing market research and customer satisfaction surveys, obtaining feedback from you)	Legitimate interest	Your data will be stored for 2 years following the deletion of your account.
Facilitating the use of the Website (including by testing, carrying out breakdown repairs, correcting bugs and modifying the interface, to ensure that you can easily access the information you’re looking for or by highlighting popular functions and features)	Legitimate interest	The data is stored for 3 years from the date of your last active contact.
Direct marketing (sending our customers general information and marketing messages about our services)	Legitimate interest	The data is stored for 3 years from the date of your last active contact.
Sending demos to our B2B prospects	Pre-contractual actions undertaken at your request	The data is stored for 3 years from the date of your last active contact.
Sending sales and business-related messages	Legitimate interest	The data is stored for 3 years from the date of your last active contact.
Receiving your applications for our job vacancies	Legitimate interest	The data is stored for 2 years from the date of the last contact with the unsuccessful candidate.
Creating a database of existing and prospective customers	Legitimate interest	If you’re a customer, the data is stored for the lifetime of the business relationship and is deleted upon expiry of a 3-year period following the end of the business relationship. For prospective customers, the data is stored for 3 years from the date of your last active contact.
Responding to your requests for information	Legitimate interest	The data is stored for the time required to process your request for information and deleted once the request for information has been processed.
Managing requests to exercise rights	Legitimate interest	If we request proof of identity from you: we only store it for the time needed to verify your identity. Once the verification is complete, the item of proof in question will be deleted. If you exercise your right of objection concerning the use of your data for prospection: we will store this information for 3 years.

2.3 Who Has Access to Your Personal Information?

Employees and Authorised Contractors

Our employees and authorised contractors may need to access information about you when they require this information to perform their job. For example, a customer support representative would need access to your account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent account activity, or other attempts to compromise the Services.

All our employees and contractors are required to agree to maintain the confidentiality and protect the privacy of your information, and their access is restricted to that which is necessary to perform their duties. Audits are conducted to ensure that employees who no longer require access to a given data set or tool are restricted from access as per our Security Policy.

Service Providers, Authorised Resellers, and Partners

If you use services supplied by our partners where those services are incorporated into our own services, our partners will have access to your personal data. Similarly, following your free trial, your personal data may be forwarded to our resellers so that you may be referred to the appropriate contacts according to your location. Our list of resellers may be viewed here. Personal data collected by our partners and resellers is covered by their own personal data processing conditions and policies.

Successor and Affiliated Entities

Your personal data may be transferred or divulged to a buyer or potential buyer in the event of the sale or transfer of all or part of our activities or assets, in as far as this is allowed and in compliance with the applicable data protection laws.

Social Networks and Third-Party Services

We use third-party service providers to manage certain aspects of our business operations. We share personal data with these third parties concerning the IT infrastructure, the operation and hosting services, market research and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development.

Network Personnel and the General Public

If you choose to publish your personal data when using our services, for example when sending content, replying to tweets or messages or entering messages in other people’s comment boxes, you are making this information visible to the general public. If your email address is used to send newsletters or to publish on social media accounts, it will become visible to the recipients of those newsletters.

Professional Advisors and Security Auditors

For security purposes, we can share your personal data when this is required by law, to protect you or our clients or to ensure the security of our services.

We also use professional advisors, including lawyers and accountants, and may be required to disclose information about you when engaging them for their services and as necessary for audits, financial and other regulatory reviews.

2.4. Transferring your personal data outside the EU/EEA

Under the General Data Protection Regulation (GDPR) and other data protection laws, information about you may only be transferred from your region to other regions if certain requirements are met. For instance, under the GDPR, information about you may be transferred from the European Economic Area (EEA) to outside the EEA if adequate data protections are in place. Your data is stored on the servers located at OVH, Scaleway and AWS (EU) for the whole duration of the processing.

Depending on the region personal data may be transferred to, we employ the following controls + restrictions to ensure the safeguard of data transfers.

Transfers to Regions outside the EU designated as offering a suitable level of protection:

• Data transfers to these countries are expressly permitted
• At the following address, you can view the list of countries which, according to the European Commission, offer a suitable level of protection for data: https://www.eacea.ec.europa.eu/about-eacea/data-protection/public-register-processing-activities_fr.

Transfers to Regions outside the EU designated as not offering a suitable level of protection:

• We have concluded a contract with the data recipient that the data is transferred to that includes the standard contractual clauses, which bind the company to ensure an adequate level of protection
• We require the data recipient to sign a supplementary measures clause via contract that ensures they have put in place other appropriate guarantees under the terms of the personal data protection regulations
• We take special attention with transfers made to the United States, to ensure recipients are not affected by FISA 702, or EO 12333, and in the event that they are, require additional checks and guarantees that the personal data transferred is adequately safeguarded by technical + organisational measures

You can consult the European Commission’s standard contractual clauses at the following address: http://eur-lex.europa.eu/eli/dec/2010/87/oj.

3.Security measures

We have taken a number of security measures to guarantee the security of the personal data we store. For example, access to areas in which personal data is stored is limited to only those of our employees and service providers who need it in the performance of their duties, and who are informed of the importance of ensuring the security and privacy of the personal data we store. We maintain appropriate guarantees and security standards to protect your personal data against any access, disclosure or unauthorised or ill-intentioned use. We also monitor our systems to detect any vulnerabilities, to protect your personal data. We invite you to consult our security policy for further information.

4. Your rights

4.1 Rights of access and rectification

• Right of access: you have the right to access all of your personal data at any time.
  • Right of rectification: you have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time.

4.2. Right to deletion

You have the right to demand that your personal data be deleted and to prohibit any future collection

4.3. Right to restriction of processing

You have the right to restrict the processing of your personal data in certain cases defined in Article 18 of the GDPR.

4.4. Right of objection

You have the right to object to the processing of your personal data. Please note however that we may continue processing the said data despite this objection on legitimate grounds or to defend our rights before the courts.

Your personal data will not be processed for purposes related to direct marketing if you object to such processing.

4.5 Right to personal data portability

If you have supplied us with your personal data and the processing of your personal data is based on the performance of a contract with you or pre-contractual measures undertaken at your request, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format in order to be able to forward this to another service provider if this is technically possible and can be performed by automated means.

4.6. Right to submit a complaint to a relevant supervisory authority

At any time, you can submit a complaint to the supervisory authority if you feel that our processing is being performed in violation of the applicable data protection law. Please note that you are still cordially invited to contact us in such a case.

4.7. Point of contact for personal data matters

You can exercise your rights by writing to us at the addresses shown below. When you do so, we may ask you to provide us with additional information or documents to prove your identity.

Contact email address: dpo@mention.com

Contact postal address: 16, Passage Jouffroy, 75009 Paris

5. Modifications

We can modify this policy at any time, including in order to ensure that we comply with any changes in regulations or case law, or editorial or technical changes. These modifications will apply on the date on which the modified version becomes effective. You are therefore invited to regularly consult the latest version of this policy.

Version: Apr 22, 2022

Mention Solutions SAS, headquartered in Paris (France), is a modern Software-as-a-Service (SaaS) company using third-party cloud-providers and modern agile product development processes to be able to provide a competitive product in a fast-moving landscape.

Mention security measurements are compliant with applicable law and are following industry security standards for cloud services.

Mention is ultimately owned by NHST Media Group AS in Norway, who is governing all companies in the group with an information security policy.

Technical and Organizational measures

Hosting

Mention servers are hosted on OVH, Scaleway and AWS.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

• ISO 27001
• SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
• PCI Level 1
• FISMA Moderate
• Sarbanes-Oxley (SOX)

OVH certifications can be found at: https://www.ovh.com/world/about-us/certifications.xml

Scaleway certifications can be found at: https://www.scaleway.com/en/about-us/our-certifications/

Location

All our servers are located within the EU.

Availability

Mention services have a goal of being available 99.99% on a yearly basis. Health status for Mention services can be found on status.mention.com.

Application

Stack Mention is written in the web framework Symfony and has been tried by the open source community in terms of security. Mention Technologies are built in PHP, Go and Python. Applications are running in security patched linux environments.

Access Control

Employees and consultants at Mention may be granted access to production data by granularity levels. Two-factor authentication is enabled when applicable. Changes to customer’s content through the services are logged.

Backups

Mention is performing backups of customer data. Backups of customer data are kept for 30 days for system recovery. Application logs are stored in separate systems and are retained for a longer time for information security consistency.

Deployment

Mention uses automatic code-tests to ensure that new changes don't break existing functionality. All code is also being reviewed by another person before being merged into the master code tree. On top of that we have a manual Q&A process for testing new functionality before it’s being released to production.

Code updates to the production environment are done on a daily basis. Each release to production carries information with traceability.

Security & Privacy Governance

Mention has assigned a Data Privacy Officer within the company that is governing technical and organizational measures on how we are processing personal data according to applicable law. Mention has designated people that are working together with NHST Media Group to ensure compliance with NHST information security policy.

Employees, contractors, sub-processors

All devices of Mention employees are individually password-protected and encrypted as defined in an internal IT-policy.

Mention ensures that people authorized to produce data have committed themselves toconfidentiality. Processing of data is regulated by data processing agreements and our privacy policy.

Data breaches

Mention has established a routine for managing personal data breaches with an escalation program to ensure that we can notify affected parties as soon as possible and that we can report about an incident within 72 hours to the data authority in France (CNIL).

Version: Apr 22, 2022

These general terms of sale (hereafter referred to as the “General Terms of Sale”) for the provision to the Client of the services described on the website www.mention.com (hereafter referred to as the “Website”) or in the Purchase Order, as described below (hereafter referred to as the “Services”) apply to the company Mention Solutions SAS (hereafter referred to as “Mention”), registered under number 790 841 266, at the address 16 Passage Jouffroy, 75009 Paris, France. Their purpose is to define the terms and conditions under which the Services will be supplied to the Client and to describe the parties’ related rights and obligations.

Where applicable, they may be supplemented by a purchase order (hereafter referred to as the “Purchase Order”) or special terms of use for certain Services, which will be considered supplementary to these General Terms of Sale and, in the event of contradiction, will take precedence over the latter. By signing a Purchase Order or accepting these General Terms of Sale during the registration process, you hereby confirm that you are authorized to commit the Client by means of such a procedure.

The Services are intended exclusively for professionals, this being understood as referring to any natural or artificial persons performing a non-occasional paid activity in all branches of industry and business.

1. The Services

The Services refer at all times to the latest up-to-date version of the Web services, the associated software and other related services supplied to the Client by Mention pursuant to these General Terms of Sale and to the Purchase Order where applicable. The Services are proposed on a SaaS basis (Software as a Service), with the various characteristics and functions described on www.mention.com (hereafter referred to as the “Solution”). The Services may also include supplementary services and modules, including third-party professional services, software and services, as agreed between the Client and Mention. If third-party services are ordered via the Services, the Client may be obliged to accept these third parties’ general terms and conditions in order to access the services. The supplementary professional services are defined in the Purchase Order. Mention is constantly working to develop and improve the Services. Mention reserves the right to introduce new versions, updates and packages for the Services, including but not limited to modifications affecting the design, operating methods, technical specifications, systems and other functions, etc. of the Services at any time without notice. The Client will be informed in advance if Mention considers the changes as being of vital importance to the Client.

2. Accessing the Services, passwords, etc.

Mention protects the Services and it is important that these may be used under fully secure conditions. The Client must ensure that the usernames and passwords of the users with access to the Solution are stored and used in a secure manner and may not be consulted or used by unauthorized third parties. The Client is responsible for any unauthorized use of the usernames and login information of the Client’s users to access the Services. If the Client suspects that an unauthorized person has become aware of a username and/or a password, the Client must immediately inform Mention of this and also change this username and/or password. Mention reserves the right to terminate the Client’s access to the Services at any time if Mention considers that the Client is failing to comply with the General Terms of Sale or that there is a risk to the security of the Solution and the Services.

3. Use of the Services

The Services may be used by the Clients as legally constituted entities and organizations, pursuant to these General Terms of Sale, to the Purchase Order where applicable, and to the administrative and security instructions sent to the Client by Mention such as information via the Services, direct messages to the Client or via the Website. The Client will be responsible for the activities performed by its users, including its employees, consultants, managers, directors, agents or staff within the Services and will use the Services in accordance with all laws applicable to them. Any content uploaded, transferred, displayed publicly, processed or entered in the Services by the Client (hereafter referred to as the “Client Content”) will be considered the sole responsibility and liability of the latter.

The Client must only use Services for internal business purposes and must not: (i) grant licenses or sublicenses, sell, resell, rent, lease, transfer, assign, distribute, time-share or otherwise exploit the Services or make them available to a third-party; (ii) send spam or other unsolicited messages in violation of the applicable laws; (iii) knowingly send or store material containing computer viruses, worms, Trojan horses or any other malicious IT code, files, scripts, agents or malware, or enable a “bot” or other non-approved automated process to interact with the Services; (iv) interfere with or adversely affect the integrity or performance of the Services or the data they contain; (v) attempt to obtain unauthorized access to the Services or to the related systems or networks. The Client must not (i) modify, copy or create derivative works based on the Solution and/or the Services or (ii) disassemble, reverse engineer or decompile the Solution and/or the Services. The Client guarantees Mention that it possesses all necessary rights and authorisations to circulate this Client Content. It undertakes that the said Client Content is legal, does not infringe public order, public policy, public decency or the rights of third parties, does not infringe any legal or regulatory provision and more generally is in no way likely to result in Mention incurring any civil or criminal liability.

4. Mention Content

During the use of the Services, Mention supplies the Client with content when its search results are displayed (hereafter referred to as the “Mention Content”).

This Mention Content results from the aggregation of data by Mention itself or from third parties. This Mention Content may be subject to copyright or other legal protection provided for under the terms of the applicable regulations, preventing the use of the said Mention Content outside the scope of the Services supplied by Mention.

Consequently, the Client acknowledges and accepts that the Mention Content may only be used within the scope of the Services supplied by Mention. Any use by the Client outside the scope of the Services of Mention Content supplied as part of the Services is prohibited.

Any use by the Client of the Mention Content for purposes other than those covered by the Services will be conducted at its own risk, with Mention granting no guarantees and accepting no liability for such use.

5. Client Content

It is extremely important that the rights of third parties are respected when using the Services. Any Client Content uploaded, transferred, circulated, published, processed or entered in the Solution or within the scope of the Services by the Client will be considered the latter’s sole and exclusive liability. This also applies, in all aspects, to the Mention Content produced by Mention as part of the agreed Services supplied to the Client. The Client will be responsible and liable for monitoring its Client Content and will be considered liable vis-à-vis Mention for ensuring that the Client Content it publishes does not in any way affect third parties and does not violate these General Terms of Sale or the applicable law in any manner and that the Client Content is appropriate. The Client must therefore analyze and critically assess its obligations before publishing Client Content via the Services. Among other things, this means that the Client must ensure that via the Client Content it:

● does not infringe the Terms of Use of Twitter, Facebook , Instagram, Linkedin and any other third-party service which Client accesses when using the Services; ● does not commit any criminal acts;

● does not defame, libel, persecute, slander, discriminate against (on the grounds of race, colour, nationality or ethnic origin, religious convictions or sexual orientation, disability or illness for example), threaten or otherwise harm any other person or their rights, by any means;

● does not distribute inappropriate, vulgar, offensive, dishonest, unsuitable, racist, pornographic or sexist material via the Client Content;

● does not send out or allow to be sent out any unsolicited advertising such as spam, or use the Services in any other manner to transfer or publish Client Content which chiefly comprises concrete business offers and proposals, for example advertising, click offers, price lists or similar content;

● does not copy, sell, circulate, publish or use the Mention Content or any other content or material belonging to Mention or other clients or users (if you have not obtained express consent to do so);

● does not claim to be someone else or to give a false description of the Client’s connection with another person or organization in any manner;

● does not make available material which the Client is not authorized to publish in accordance with the law, an agreement or any loyalty-related obligation (such as business secrets, insider information or confidential information);

● does not contravene any applicable data protection legislation; and

● does not infringe any patent, trademark, trade secret, copyright, neighboring rights, protection of designs (whether registered or otherwise), or any other intellectual property right, and does not allow third parties to infringe them.

The Client must also ensure that it possesses the appropriate rights to publish the Client Content via the Services. By publishing the Client Content, the Client guarantees that it possesses these rights. The Client must:

● have received all required consent from the third parties concerned, or have ensured that another legal basis exists for the processing, in order that the processing, including the publication of the Client Content via the Services, does not infringe the rights of any person or organization;

● ensure that there is a sound legal basis for the publication of images of any persons visible in the uploaded images or films, insofar as this is required by law;

The Client holds Mention harmless against any legal action resulting from any Client Content posted in violation of these General Terms of Sale.

At its sole discretion, Mention may delete all or part of the published Client Content without notice at any time, if Mention considers that it violates these General Terms of Sale. Mention must inform the Client of the said deletion and the reason for this.

6. Use of the Client Content by Mention

In order for Mention to be able to supply the Client with the Services, the Client grants Mention a non-exclusive, free, global and otherwise unlimited right to process, use, publish and copy the Client Content and to make it available, whether directly or indirectly, for the purpose of providing the Services to the Client.

7. The processing of personal data

7.1. General dispositions

As part of their contractual relations, each Party shall undertake to comply with the applicable regulations on personal data processing and, in particular, the General Data Protection Regulation (regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016) and to the French Data Protection Act of 6 January 1978 (hereinafter referred together as the “Applicable Regulation”).

Each Party processes personal data of the contact person of the other Party involved in the execution of the Contract, as data controller within the meaning of the Applicable Regulation for the purpose of managing the contractual relations between the Parties and for the duration of the General Terms of Sale. This processing is carried out for the execution of the General Terms of Sale and only identification data (e.g., full name, email address, telephone number) are processed by the Parties.

Personal data are retained during the duration strictly necessary for the purposes of managing the business relationship between Parties. The staff of each Party data controller of the processing, its control services (notably auditor) and its processors can have access to personal data.

The processing may result in the exercise by each Party’s contact person of their rights under the Applicable Regulation.

7.2. Processing of personal data by Mention as a data processor

7.2.3 Description of the processing carried out by Mention

As part of the Services, Mention processes personal data in the name and on behalf of the Client as a data processor, while the Client acts as a data controller within the meaning of the Applicable Regulation.

The characteristics of the processing are as follows:

Data Protection Officer	Valerie Paris dpo@mention.com
Purpose(s) of the processing	Performance of the Services
Nature of the processing	Collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Categories of personal data	Any category of Personal Data embedded within displayed content
Categories of data subjects	Any natural person having Personal Data embedded within displayed content
Duration of the processing	Duration of the General Terms of Sale

7.2.4 Provider's obligations with respect to the Client

• Data processing:

  Mention undertakes to process the personal data only for the purposes listed above and in accordance with the Client’s documented instructions, including with regard to transfers of data outside the European Union. Where Mention considers that an instruction infringes the Applicable Regulation, he shall immediately inform the Client thereof. Moreover, if Mention shall process personal data and transfer them to a third country or an international organization, according to the applicable legislation of the General Terms of Sale, he shall inform the Client of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

  • Security and data confidentiality:

    Mention undertakes to implement the appropriate technical and organizational measures to ensure the security and integrity of personal data, their backup and the restoration of their availability in the event of a physical or technical incident. Mention ensures that the persons authorized to process the personal data hereunder have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

    • Sub-processors:

      Mention is authorized to use processors (hereinafter "the Sub-Processor") to carry out specific processing activities.

      The Sub-Processor shall comply with the obligations hereunder on behalf of and in accordance with the Client’s instructions. Mention shall ensure that the Sub-Processor provides the same sufficient warranties regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the Applicable Regulation. If the Sub-Processor fails to fulfill its data protection obligations, Mention remains fully liable to the Client for the Sub-Processor’s performance of its obligations.
      
      For inquiries related to Mention’s sub-processors, please contact gdpr@mention.com

• Transfer of personal data outside the European Union:

  Mention is authorized to transfer personal data processed as part of this General Terms of Sale to countries located outside the European Union, if appropriate safeguards have been implemented as defined under Chapter V of GDPR.

  • Assistance and provision of information:

    Mention undertakes to assist the Client and to respond without undue delay to any request for information sent by the Client, whether in the context of a request for the exercise of their rights by data subjects, a privacy impact assessment, or a request made by a supervisory authority or the Client's data protection officer.

    • Notification of personal data breach:

      Mention shall notify the Client of any personal data breach without undue delay after becoming aware of it and to provide the Client with all relevant information and documentation relating to such personal data breach.

      • Fate of the data:

        Mention undertakes at its election to delete personal data at the termination of these General Terms of Sale and not to keep a copy unless Union or Member State law requires storage of the personal data.

        • Documentation:

          Mention shall make available to the Client, at the Client's request, all information and documents necessary to demonstrate compliance with its obligations and allow for audits. The Client may carry out audits once a year, at its own expense, to verify Mention's compliance with the obligations set forth in this article. The Client will inform Mention of the audit at least two (2) weeks before. Mention may refuse the identity of the auditor if it belongs to a competing company. The audit shall be conducted during work hours and with the least possible disturbance for Mention’s activity. The audit shall not threaten (i) technical and organizational security measures implemented by Mention, (ii) security and confidentiality of data of Mention’s other customers, (iii) the proper functioning and organization of Mention. When possible, Parties will agree beforehand on the scope of the audit. The audit report will be sent to Mention to submit comments, which will be attached to the final version of the audit report. Each audit report will be considered confidential information.

7.2.5 Client's obligations with respect to Mention

The Client undertakes to:

1. provide Mention with the personal data mentioned above, except any improper, disproportionate or unnecessary personal data, and except any “particular” personal data within the meaning of the Applicable Regulation, except if the processing activities justify it. In this case, the Client will have to document these justifications and to take all measures, notably of prior information, to collect appropriate consent and appropriate security measures, appropriate for such particular data;
2. collect under its liability, lawfully, fairly and in a transparent manner the personal data provided to Mention, for the performance of its services, and in particular, to ensure the lawfulness of processing and the information due to data subjects;
3. maintain a record of processing activities carried out and more generally, comply with the principles of the Applicable Regulation;
4. ensure, before and throughout the processing, compliance with the obligations set out in the Applicable legislation.

   8. Access and security

At its sole discretion, Mention agrees to adopt reasonable measures to ensure that the Services are available on the Internet 24 hours a day, 7 days a week. Mention is entitled to take measures affecting the above-mentioned access when Mention considers this necessary for technical, maintenance, operational or security reasons. The Client acknowledges and accepts that maintenance, updates, bugs and other causes or circumstances, whether planned or unplanned, may result in interruptions to or breakdowns affecting the Services. The Client may visit status.Mention.com to obtain information concerning the current operational status of the services. The Client understands and acknowledges that its access to the Internet cannot be guaranteed and that Mention may under no circumstances be considered liable for any issues with the Client’s Internet-related connections or equipment. Mention must adopt reasonable measures to ensure that the security of the Services complies with the standards applicable in the sector. Mention’s security measures are described in the Security Policy and apply at all times. This Security Policy may be viewed here.

Due to the complexity of the Internet, the unequal performance of different sub-networks, peak use by users of the Solution at certain times and various bottlenecks over which Mention has no control, Mention’s liability will be limited to the operation of its servers, the external limits of which are constituted by their connection points. Mention may not be considered liable for (i) access speeds when accessing its servers, (ii) external slowdowns affecting its servers (iii) poor transmission due to the failure of or problems with these networks. Mention may not be considered liable in the event of intrusions with malicious intent in the storage area reserved for the Client unless it has been demonstrated that the security measures it has introduced were seriously insufficient. Furthermore, Mention may not be considered liable for any lack of vigilance on the part of the Client’s users in maintaining the confidential nature of their usernames and passwords

9. Assistance services

Mention will provide the Client with assistance services if it has any questions concerning the use of the Services. The contact details and opening times of the assistance service can be found on the Mention Website.

10. Contractual term and termination

The Services are provided in the form of a subscription (hereafter referred to as the “Subscription”).

The Subscription begins on the date on which the Client supplies its bank details, for a period of 1 (one) month or 1 (one) year according to the subscription period selected by the Client, from date to date, (hereafter referred to as the “Subscription Period”).

If the Subscription is made in the form of a Purchase Order, the Subscription is taken out for the period mentioned in the said Purchase Order. If the Client enters its bank details before the expiry of the free trial period, the Subscription will begin on the date these details are supplied. The Subscription is then automatically renewed for successive periods of a duration identical to the Subscription Period, from date to date, unless canceled by Mention or by the Client at least 1 (one) week in the case of a monthly Subscription or 90 (ninety) days in the case of an annual Subscription before the expiry of the period concerned. The Subscription must be canceled:

- By the Client: by clicking the button provided for this purpose in its Customer Account or by email,

- By MENTION: by email.

The cancellation of the Subscription will take effect at the end of the last day of the Subscription.

Once the paid Subscription Period or the free trial period have ended, the Services will be automatically downgraded to those of the “free” Subscription offer. In the case of a free Subscription Period, the Subscription may be terminated by either party subject to the issuing of written notice, or, where applicable, by means of a dedicated button provided for this purpose.

Mention may always terminate the Subscription with immediate effect earlier than above-mentioned dates if the Client:

● fails to abide by any of the provisions of these General Terms of Sale, or more generally if the client contravenes any laws or regulations and if it takes no steps to rectify such failings within 30 (thirty) days following the receipt of a written request to this effect from Mention, or

● goes bankrupt, enters into a settlement agreement, suspends its payments, is the subject of corporate restructuring measures or risks finding itself in a situation of insolvency in any other circumstances.

11. Guarantee limitations and claims

Mention guarantees the Client that the Services will operate in a substantial and material manner in compliance with what is presented on the Mention Website, under normal conditions and circumstances of use, for the intended purposes and for the sole use of the Mention Content as part of the Services. This guarantee does not apply to the trial period for Subscriptions or to the free Subscription. With the exception of the above-mentioned guarantees and in as far as allowed by law, Mention rejects any other guarantee or warranty concerning the Services, whether express or implicit, including but not limited to their adaptation to a particular use, the accuracy or reliability of the results obtained from using the Services, that the Services meet specific requirements, that the Services will not be interrupted, or that they are fully protected or free of computer errors.

12. Liability limitations, etc.

With the exception of any legal liability which Mention is legally prevented from declining (such as compulsory product-related liability, liability for bodily injury or death, etc.), Mention may not be considered liable for any loss of income, profits or savings, contracts, production, clients, data or other information, and for complaints or claims from third parties, indirect losses and any other consequential losses. Furthermore, Mention’s overall liability within one calendar year may not exceed the amount which the Client has paid Mention during the said calendar year.

Mention is not responsible or liable for ensuring the permanent and uninterrupted availability of the Services or for any other losses or circumstances arising following one of the situations mentioned in Section 8, including a lack of access and security, interruptions, risks and faults. It should be remembered that Mention is a simple supplier of data aggregation technology. Mention performs no verification of the data issued to the Client via its technology. Consequently, regarding the Mention Content, the third-party services or material, Mention does not guarantee that any Mention Content or any material or service supplied by third parties is totally correct, reliable, complete or accessible, and Mention is not liable for any losses or damage arising from problems with this Mention Content, material or service. The parties are reminded that the Client is only authorized to use the Mention Content for consultation purposes as part of the Services and that any other use of the Mention Content is at the Client’s risk, with no guarantees from Mention.

The Client will defend and compensate Mention for any complaints, claims or proceedings initiated against Mention by a third party arising from the use (or related to the use) of the Services by the Client, including complaints and claims related to the Client Content published by the Client as part of the Services.

13. Prices and payment

In return for the provision of the Solution and the Services, the Client will pay the price stated on the Website according to the offer selected at the time it subscribed to the Services or stated in the Purchase Order. Mention reserves the right to increase its price at each renewal period. The Client will be informed of these modifications by Mention by any appropriate written means (including by email) at least 2 (two) weeks before the new prices take effect when the subscription is monthly, 2 (two) months before when the subscription is annual. Once they have taken effect, the new prices will apply when the Subscription renews. Unless stated otherwise in the Purchase Order, payment will be made at the start of each Subscription Period following the issuing of an invoice by Mention, or, where applicable, by credit card. The payment should reach Mention in full within the payment times stated on the invoice or in the Purchase Order where applicable. In the case of late or non-payment by the Client, Mention may invoice it for late payment interest at an interest rate of 8 (eight) percent per annum, in addition to reminder fees and compensation for any recovery costs in addition to those for any other means of redress at Mention’s disposal.

The Client agrees to settle invoices in the currency stated on the invoice, with payment being made to the account stipulated on the invoice.

Without prejudice to its other rights, Mention may temporarily deactivate the Client’s access to the Services in the case of overdue payment exceeding 20 (twenty) days. Additionally, Mention may terminate the Subscription and delete and destroy the Client Content in the case of overdue payment exceeding 40 (forty) days.

In the case of the early termination of this agreement due to non-observance by the Client, the Client is entitled to no reimbursement of any sums paid in advance.

14. Force majeure

Neither party may be considered liable for any failings or delays in the performance of their commitments under the terms of these General Terms of Sale if these failings or delays result from a case of force majeure as defined in article 1218 of the French Civil Code. The Parties hereby agree that the term ‘force majeure’ refers to all events normally recognised as such by law and by the French courts, including but not limited to interruptions to or problems with the Internet or networks, telecommunications, power supplies or any other infrastructure, general labour disputes, wars, fires, lightning, epidemics/pandemics, terrorist attacks, DDoS attacks or similar attacks aimed at interrupting the normal movement of data, changes in regulations by the authorities or errors and delays with the services provided by subcontractors due to these circumstances.

15. Intellectual property rights

All intellectual property rights concerning Mention, the Mention Solution, the Mention Services, the Website and all other related services, such as patents, design patents, design rights, copyrights, neighboring rights, moral rights, business secrets and know-how, rights concerning databases, trademarks, company names, rights relating to business legislation and any other intellectual property right, in all cases, whether registered or registrable, and all applications for registration of any of the above-mentioned rights in addition to the right to apply for registration and all rights and forms of protection of the same nature or having similar effects worldwide are and will remain the property of Mention or its license providers. Under no circumstances does the use of Services represent a transfer or assignment of these intellectual property rights to the Client.

The Client expressly acknowledges and accepts that any use of the Mention Content outside of the Services may result in an infringement of intellectual property rights, for which the Client will be considered solely liable. Any Client Content published by the Client via the Services remains the exclusive property of the Client or its respective legal owner. All rights concerning the Mention Content produced by Mention in the Client’s name as part of the professional services supplied will also be considered the property of the Client.

16. Privacy & confidentiality

Both parties agree to treat information which may be considered as the other party’s professional or business secrets (whether in verbal, written or electronic form or in any other form) as private and confidential, unless the party supplying the said information expressly gives its written consent to the contrary. This means that neither party may divulge this information to a third party or use this information for purposes other than the performance or implementation of these General Terms of Sale. Both parties must also ensure that this commitment is observed and respected by all employees, staff, agents or other persons to whom such information is revealed. This privacy and confidentiality obligation will continue to apply for 2 (two) years after the termination of these General Terms of Sale. However, the privacy and confidentiality obligations will not apply to information which is widely known or for which a party can demonstrate that it became aware of the information via any means other than these General Terms of Sale. The privacy and confidentiality obligations will also not apply when a party is required to supply the information in compliance with a law, a regulation or a decision by the authorities.

17. Messages

The Client may contact Mention by post at Mention Solutions SAS, 16, Passage Jouffroy, 75009 Paris, France or by e-mail at support@Mention.com.

When Mention needs to contact the Client, Mention will use the postal address or e-mail address which the client supplied at the time it subscribed to the Services or contained in the Purchase Order. The Client is responsible for ensuring that this contact information is kept up to date.

Mention may also send marketing communications to the Client concerning Mention’s products, services and events.

18. Modifications to the General Terms of Sale

Mention may modify the General Terms of Sale. The Client will be informed of these changes by email or via information provided within the Services or on the Mention Website:

• 2 (two) weeks before they take effect if the subscription is monthly,
• 2 (two) months before they take effect if the subscription is annual
  
  

If the Client does not accept these modifications, it must terminate its contract under the conditions of article 10 “Contractual term and termination”.

19. Business references

Unless expressly stated in the Purchase Order or notified to Mention by any appropriate written method, the Client authorizes Mention to use its name, brand, logo and website details as business references on any media and in any form.

20. The transfer of services

These General Terms of Sale are valid between the parties and cannot be transferred or disposed of without written authorisation. However, Mention may wholly or partially transfer the provision of the Services to another company belonging to the same group as Mention. All rights and obligations existing between the Client and Mention will then apply between the Client and the company assuming the provision of the Services.

21. Applicable law and dispute resolution

Unless other provisions apply concerning the mandatory applicable law, these General Terms of Sale and the relationship between the Client, you and Mention will be interpreted and applied pursuant to French law. Unless otherwise stipulated by the overriding applicable law, any disputes arising as a result of these General Terms of Sale or the relationship between the parties will be settled by the French general courts and the Tribunal de Commerce de Paris (Paris Commercial Court) in the first instance.