Terms and Conditions

Find here every legal detail you need to know about how Mention works.

  • Cookie Policy
  • Privacy Policy
  • Security Policy
  • Data Protections Terms
  • General Terms and Conditions
Cookie Policy
Privacy Policy

Version: January 27th, 2021


During your use of the website https://mention.com/fr/ (hereafter referred to as the “Website”), we may require you to provide us with personal data about yourself, in order for you to be able to use our services. 

The purpose of this privacy statement is to tell you more about how we process your personal data.


Who is the data controller?

The data controller is the company Mention Solutions SAS (also referred to as “we”, “us” or “our”), RCS Paris no. 790 841 266, situated at the following address: 16, Passage Jouffroy, 75009 Paris, France


How do we process personal data?

In this section, you can learn more about the personal data we process and why, the manner in which it is collected, the processing activities involved, the persons with whom we share the data, including information concerning the transfer of personal data outside the EU/EEA and the length of time for which we store your data.


2.1. What personal data do we process?

Personal data is defined as any data which makes it possible to identify an individual. The types of personal data we process are the following:

  • Your name and contact details, such as your email address, telephone number, location, job title and information about the company you represent and any agreements you have made with us, either in your own name or on behalf of your company;
  • Your account details, including the username / user ID, the password in encrypted form, information about unique identifiers such as API tokens, the profile photo, the biography and information concerning other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) which you have linked to your user account;
  • Personal and professional preferences including interests, subscriptions and language settings;
  • Information about the browser, for example the browser type and version, any website from which you have been referred, the time zone from which you are visiting us; the pages you have visited on our Website; your IP address and an approximate estimate of your location based on your IP address; information concerning your activity on the web or your interaction in the emails we send you; information about your use of our services.
  • Transaction-related data (including bank details and data related to your bank card and invoices, etc.)


2.2. Why do we process your personal data?

In this sub-section, we describe when and why we process your personal data. Your data is processed for one or several end purposes. Each end purpose is associated with a legal basis and its corresponding data retention period. Please see the list below. Under no circumstances will your personal data be used in any manner which is incompatible with the end purposes for which it was collected.


End purpose

Legal basis

Data retention period

The provision of our services available on our Website (access to our various functions and features, the creation and administration of your account, the processing of your contact details for the making or finalisation of any agreement with you or your company, the billing of professional assistance services and training services).

The implementation of the contract we have signed with you or your company.

Once you have created an account on our Website, your data will be stored for the lifetime of your account plus an additional period of 3 years from the date your account is deleted.

Your data may nevertheless be archived for evidential purposes for a period of 5 years.

Concerning your bankcard data, this is stored by our payment services provider for the lifetime of your account.

Data concerning the card security code or CVV2, shown on your bank card is not stored.

Compilation of invoices

Legal and accountancy-related obligations

Stored for a period of 10 years.

Improvements to our services (generating statistics and analysing how you use our services, doing market research and customer satisfaction surveys, obtaining feedback from you)

Legitimate interest

Your data will be stored for 2 years following the deletion of your account.

Facilitating the use of the Website (including by testing, carrying out breakdown repairs, correcting bugs and modifying the interface, to ensure that you can easily access the information you’re looking for or by highlighting popular functions and features)

Legitimate interest

The data is stored for 3 years from the date of your last active contact.

Direct marketing (sending our customers general information and marketing messages about our services)

Legitimate interest

The data is stored for 3 years from the date of your last active contact.

Sending demos to our B2B prospects

Pre-contractual actions undertaken at your request

The data is stored for 3 years from the date of your last active contact.

Sending sales and business-related messages

Legitimate interest

The data is stored for 3 years from the date of your last active contact.

Receiving your applications for our job vacancies

Legitimate interest

The data is stored for 2 years from the date of the last contact with the unsuccessful candidate.

Creating a database of existing and prospective customers

Legitimate interest

If you’re a customer, the data is stored for the lifetime of the business relationship and is deleted upon expiry of a 3-year period following the end of the business relationship. 

For prospective customers, the data is stored for 3 years from the date of your last active contact.

Responding to your requests for information

Legitimate interest

The data is stored for the time required to process your request for information and deleted once the request for information has been processed.

Managing requests to exercise rights

Legitimate interest

If we request proof of identity from you: we only store it for the time needed to verify your identity. Once the verification is complete, the item of proof in question will be deleted.

If you exercise your right of objection concerning the use of your data for prospection: we will store this information for 3 years.


2.3 How do we share your personal data?

The personal data we collect is shared with other companies belonging to the Mention group and with our third-party suppliers and other third-parties listed below, for the provision of our services, including for platform development and maintenance purposes. This may involve the coordination of your personal data with other registers.

Here are the types of third parties with which we share your personal data:

  • Service providers: we use third-party service providers to manage certain aspects of our business operations. We share personal data with these third parties concerning the IT infrastructure, the operation and hosting services, market research and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development.
  • Partners and resellers: if you use services supplied by our partners where those services are incorporated into our own services, our partners will have access to your personal data. Similarly, following your free trial, your personal data may be forwarded to our resellers so that you may be referred to the appropriate contacts according to your location. Our list of resellers may be viewed here. Personal data collected by our partners and resellers is covered by their own personal data processing conditions and policies.
  • Sale or transfer of the company or its assets: your personal data may be transferred or divulged to a buyer or potential buyer in the event of the sale or transfer of all or part of our activities or assets, in as far as this is allowed and in compliance with the applicable data protection laws.
  • People in your network and the general public: if you choose to publish your personal data when using our services, for example when sending content, replying to tweets or messages or entering messages in other people’s comment boxes, you are making this information visible to the general public. If your email address is used to send newsletters or to publish on social media accounts, it will become visible to the recipients of those newsletters.
  • For security reasons: we can share your personal data when this is required by law, to protect you or our clients or to ensure the security of our services.


2.4. Transferring your personal data outside the EU/EEA

Your data is stored on the servers located at OVH, Online by Scaleway and AWS for the whole duration of the processing.

Concerning the tools and resources we use (please see 2.3 regarding the recipients of your personal data), your data may be transferred outside the European Union. Such transfers of your data are governed by the following requirements, among others: 

  • either this data is transferred to a company which has been judged as offering a suitable level of protection by a decision of the European Commission;
  • or we have concluded a specific contract with our sub-processors governing the transfers of your data outside the European Union, based on the European Commission’s standard clauses;
  • or our sub-processors have put in place other appropriate guarantees under the terms of the personal data protection regulations.


At the following address, you can view the list of countries which, according to the European Commission, offer a suitable level of protection for data: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.


You can consult the European Commission’s standard clauses at the following address: http://eur-lex.europa.eu/eli/dec/2010/87/oj.


3.Security measures

We have taken a number of security measures to guarantee the security of the personal data we store. For example, access to areas in which personal data is stored is limited to only those of our employees and service providers who need it in the performance of their duties, and who are informed of the importance of ensuring the security and privacy of the personal data we store. We maintain appropriate guarantees and security standards to protect your personal data against any access, disclosure or unauthorised or ill-intentioned use. We also monitor our systems to detect any vulnerabilities, to protect your personal data. We invite you to consult our security policy for further information.


4. Your rights

4.1 Rights of access and rectification

  • Right of access: you have the right to access all of your personal data at any time.
  • Right of rectification: you have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time.


4.2. Right to deletion

You have the right to demand that your personal data be deleted and to prohibit any future collection 


4.3. Right to restriction of processing

You have the right to restrict the processing of your personal data in certain cases defined in Article 18 of the GDPR. 


4.4. Right of objection

You have the right to object to the processing of your personal data. Please note however that we may continue processing the said data despite this objection on legitimate grounds or to defend our rights before the courts.

Your personal data will not be processed for purposes related to direct marketing if you object to such processing.


4.5 Right to personal data portability

If you have supplied us with your personal data and the processing of your personal data is based on the performance of a contract with you or pre-contractual measures undertaken at your request, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format in order to be able to forward this to another service provider if this is technically possible and can be performed by automated means.


4.6. Right to submit a complaint to a relevant supervisory authority 

At any time, you can submit a complaint to the supervisory authority if you feel that our processing is being performed in violation of the applicable data protection law. Please note that you are still cordially invited to contact us in such a case.


4.7. Point of contact for personal data matters

You can exercise these rights by writing to us at the addresses shown below. When you do so, we may ask you to provide us with additional information or documents to prove your identity. 

Contact email address: privacy@Mention.com 

Contact postal address: 16, Passage Jouffroy, 75009 Paris


5. Modifications

We can modify this policy at any time, including in order to ensure that we comply with any changes in regulations or case law, or editorial or technical changes. These modifications will apply on the date on which the modified version becomes effective. You are therefore invited to regularly consult the latest version of this policy.

Security Policy

Version: September 20th, 2019

Mention Solutions SAS, headquarters in Paris (France), is a modern Software-as-a-Service (SaaS) company using third-party cloud-providers and modern agile product development processes to be able to provide a competitive product in a fast-moving landscape.

Mention security measurements are compliant with applicable law and are following industry security standards for cloud services.

Mention is ultimately owned by NHST Media Group AS in Norway, who is governing all companies in the group with an information security policy.

Technical and organisational measures


Mention servers are hosted on OVH, Online by Scaleway and AWS.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

OVH certifications can be found at: https://www.ovh.com/world/about-us/certifications.xml


All our servers are located within EU. 


Mention services have a goal of being available 99.99% on a yearly basis. Health status for Mention services can be found on status.mention.com.

Application Stack

Mention is written in the web framework Symfony and has been tried by the open source community in terms of security. Mention Technologies are built in PHP, Go and Python. Applications are running in security patched linux environments.

Access Control

Employees and consultants at Mention may be granted access to production data by granularity levels. Two-factor authentication is enabled when applicable. Changes to customer’s content through the services are logged.


Mention are performing backup of customer data. Backups of customer data are kept for 30 days for system recovery. Application logs are stored in separate systems and are retained for a longer time for information security consistency.


Mention uses automatic code-tests to ensure that new changes doesn’t break existing functionality. All code is also being reviewed by another person before merged into the master code tree. On top of that we have a manual Q&A process for testing new functionality before it’s being released to production.

Code updates to production environment is done on a daily basis. Each release to production carries information with traceability.

Security & Privacy Governance

Mention have assigned Data Privacy Officers within the company that are governing technical and organisational measures on how we are processing personal data according to applicable law. Mention have designated people that are working together with NHST Media Group to ensure compliance with NHST information security policy.

Employees, contractors, sub-processors

All devices of Mention employees are individually password-protected and encrypted as defined in an internal IT-policy. 

Mention ensures that people authorised to production data have committed themselves to confidentiality. Processing of data is regulated by data processing agreements and our privacy policy.

Data breaches

Mention has established a routine for managing personal data breaches with an escalation program to ensure that we can notify affected parties as soon as possible and that we can report about an incident within 72 hours to the data authority in France (CNIL).

Data Protections Terms

Version: February 23rd, 2021

This Data Processing Agreement (hereinafter “DPA”) is entered into by and between Customer and Mention Solution SAS (each a “Party” and collectively the “Parties”).


Customer and Mention have entered into an agreement regarding Mention’s provision of Services to the Customer (The “Main Agreement”, a s defined in Art.1 below). This DPA set out and describe different aspects and obligations of the Parties with regard to the Processing of Personal Data that may take place when the Customer uses these Services or otherwise as an effect of the Main Agreement.

Furthermore, the Parties may in respect of their relationship and in relation to the Processing of Personal Data take on different roles and responsibilities.

This DPA clarifies when one Party act as Data Controller and the other Party acts as Data Processor and Processes Personal Data on behalf of the Data Controller, the Parties’ obligations and responsibilities in relation hereto, as well as the written instructions given by the Data Controller as made mandatory by Applicable Data Protection Law.

With respect of the above, the Parties have agreed as follows.


For the purposes hereof and notwithstanding any other definitions provided in the Data Processing Agreement, the following terms shall have the meanings set out below:

Applicable Data Protection Law

Refers to all regulations in force, applicable to the Processing of Personal Data, in particular:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 applicable since 25th ay 25 2018 known as the "General Data Protection Regulation";
  2. French Law n° 78-17 of 6th January, 1978 relating to data processing, files and liberties, as amended;
  3. Any legislation coming into force and likely to affect the Processing carried out within the framework of this Data Processing Agreement;

Any guide to good practice published by the competent regulatory Authorities or the European Data Protection Board.

Authorized Recipients

Means an administrator, employee or Sub-Processor that has a legitimate need to access Personal Data in connection with the performance of the Main Agreement.


Refers to all types of information and/or data to which the Parties have access for the execution of the Main Agreement, whatever the format or medium, whether it is Personal Data or not (ex: financial data, customer data, strategic, technical, professional, administrative, commercial, legal, accounting data, etc.).

Data Controller

Means the Customer which determines the purposes and means of the Processing of Personal Data.

Data Processor

Means Mention, which Processes Personal Data on behalf of the Data Controller.

Data Subject

Refers to any natural person whose Personal Data is subject to Processing.

Data Processing Agreement or DPA

Refers to this Data Processing Agreement supplemented by Appendix 1: Processing Details: Accessing Data related to a selected mention and performing any action, including posting


Refers to all written instructions given to the Data Processor by the Data Controller.

These instructions comply with strict formalism and may only be considered as such if they are formulated in writing in the form of this Data Processing Agreement, an electronic mail or an official paper mail from a duly authorized person.

Main Agreement

Refers to the agreement whereby Mention does provide its services to the Customer, to which this Data Processing Agreement is attached.

Personal Data

Refers to any information relating to an identified natural person or who can be identified as such, either directly or indirectly by grouping together information, by reference to an identification number or to elements specific to said person: name, address, telephone number, IP address, email address, vehicle registration number, professional registration number, identifier/login, password, logging data, etc.

Personal Data Breach

Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.


Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Refers to the purpose of the Personal Data Processing operations implemented by the Data Controller, in accordance with Appendix 1.

Regulatory Authority

Refers to any competent authority with regard to the Processing of Personal Data.

Sensitive Data

Refers to the special categories of Personal Data which Processing is prohibited on principle. These are Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Security Policy

Refers to Mention's internal security policy which is updated regularly. This policy, detailing the security measures specifically implemented, may be forwarded upon request by the Customer.


Refers to the services provided by Mention under the Main Agreement.

Third Countries

Refers to any State that is not a member of the European Union.

This terminology also includes any international organization with countries that are not members of the European Union.


This Data Processing Agreement comes into force upon the Customer’s consent to be bound by the Main Agreement and remains applicable throughout the duration of the Main Agreement.

The Data Processor shall delete, or at Data Controller’s request return to Data Controller, all Personal Data Processed under this Data Processing Agreement after such period of time set, including deleting existing copies, unless EU law (including the laws of its member states) requires storage of the Personal Data.

This Data Processing Agreement substitutes any applicable Personal Data protection clauses that may be contained in the Main Agreement. In case of contradiction, the Parties expressly agree that this Data Processing Agreement shall prevail over the Main Agreement.


The Customer, in its capacity as Data Controller, designates Mention as Data Processor to process Personal Data in its name and on its behalf in order to achieve the authorized Purpose referred to in Appendix 1 to this Data Processing Agreement in connection with the performance of the Services.


The Data Processor guarantees the Data Controller that it:

  • Only processes Personal Data that is necessary for the authorized Purposes, in accordance with the Instructions referred to in Appendix 1, and shall not process Personal Data for other purposes;
  • Complies with Applicable Data Protection Laws as well as the Instructions issued by the Data Controller, and oversees compliance with it by Authorized Recipients and Sub-Processors;
  • Ensures that all systems, services and products used in connection with the Processing of Personal Data comply with Applicable Data Protection Laws;
  • Cooperates and complies with the instructions or decisions of any Regulatory Authority within a deadline that would allow the Data Controller to comply with the deadlines imposed by such Authority; and
  • Does not do or fail to do or permit anything to be done that would cause the Data Controller to violate Applicable Data Protection Laws;
  • Uses the Services in accordance with Applicable Data Protection Law.

The Data Processor is not intended to host Sensitive Data Processing operations as part of the performance of the Main Agreement, and does not have the "Health Data Hosting" certification provided for in Article L.1111-8 of the French Public Health Code. The Customer carrying out Sensitive Data Processing will take full liability for such Processing operations, without any liability on the part of the Data Processor.


The Data Processor commits to:

  • Designate a contact to the Data Controller. This contact must have the necessary experience, competence, authority and resources to carry out his mission;
  • Adhere to and actively participate in a logic of cooperation in order to ensure compliance with Applicable Data Protection Laws and the good practices recommended by the Data Controller under said Applicable Data Protection Laws. As such, the Data Processor commits to provide the Data Controller with all reasonable means to ensure full cooperation, information about the Processing operations and assistance in the event of a complaint, request for advice, communication, or actual or suspected breach of security affecting Personal Data;
  • Raise awareness of its staff on issues related to the protection of Personal Data;
  • Modify, transfer and/or remove Personal Data held by him or on behalf of the Data Controller by a Sub-Processor, in accordance with any written Instruction of the Data Controller;
  • Immediately inform the Data Controller:
  1. If the Instructions issued by the Data Controller relating to Processing are illegal or appear to be contrary to the doctrine and recommendations of a Regulatory Authority;
  2. If a Personal Data Breach occurs, or in the event of the occurrence of a security breach affecting the Data Processor's information system or that of one of its Sub-Processors, immediately after having become aware of it under the conditions provided for in Article 6 of this Data Processing Agreement;
  3. If the Data Processor or a Sub-Processor receives a complaint, opinion or communication from a Regulatory Authority that directly or indirectly concerns the Processing operations or the compliance of either Party with Applicable Data Protection Laws;
  4. If the Data Processor or a Sub-Processor receives a complaint, opinion or communication from a Data Subject in connection with the exercise of their rights.
  • Assist the Data Controller in complying with the obligations set out in Articles 32 to 36 of the GDPR, taking into account the nature of the Processing operation and the information made available to the Data Processor. This assistance may include the provision of information and the performance of data protection impact assessment in relation to the Processing operations implemented by the Data Processor.


The Data Processor commits to:

  • Ensure that appropriate technical and organizational measures have been set up against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data held or processed by the Data Processor, including all measures necessary to ensure compliance with the security requirements of the Personal Data provided by Applicable Data Protection Laws;
  • Implement the Security Policy;
  • Ensure that Authorized Recipients and Sub-Processors comply with the provisions of its Security Policy, and incorporate all reasonable requests from the Data Controller relating to security and the Processing of Personal Data.

If an actual or potential Personal Data Breach occurs, affecting the Data Processor’s Services or those of a Sub-Processor, the Data Processor commits to:

  • Notify the Data Controller of any security breach that may result in a Personal Data Breach as soon as possible, no later than one (1) business day after becoming aware of the breach, by electronic mail;
  • Accompany the notification with all relevant documentation to enable the Data Controller to notify the Personal Data Breach to the competent Supervisory Authority or to Data Subjects. The Data Processor will specify the following as much as possible:
  1. A description of the nature of the Personal Data Breach including, where possible, the categories and approximate number of Data Subjects and Personal Data records concerned by the Personal Data Breach;
  2. The name and contact details of the Data Protection Officer and/or another contact point from which further information can be obtained;
  3. A description of the consequences of the Personal Data Breach; and

(iv) A description of the measures taken by the Data Processor to remedy the Personal Data Breach, including measures to mitigate any negative consequences.

  • The information mentioned above may be provided in a staggered manner and without undue delay if it is not possible for the Data Processor to provide all the information at the same time, or if clarifications can be made on elements already provided.

The Data Processor will perform an annual review of its Security Policy and update it regularly to include:

  • Changes in technological progress and best practices;
  • Any changes or suggested changes to the Data Processor procedures, sites and systems, Services and/or associated processes;
  • Any new perceived or modified threats to the Data Processor's procedures, sites and systems; and
  • Any reasonable request to modify the practices transmitted by the Data Controller.


In a logic of accountability, the Data Processor commits to:

    • Regularly update its record of Processing activities in accordance with Article 30 of the GDPR, and to keep a written record of any Processing operations and Instructions relating to the Processing carried out on behalf of the Data Controller;
    • Regularly update its security breach record, which is filled by the Data Processor as soon as a Personal Data Breach occurs, whether or not such Personal Data Breach has been notified to the Regulatory Authority;
    • Build and keep documentation relating to the training or awareness-raising of the Data Processor’s staff with regard to the protection of Personal Data;
  • Regularly update its Security Policy, as provided for in article 6.


The Data Processor commits to:

  • Restrict access to Personal Data to the Authorized Recipients and Sub-Processors needing access to Personal Data. If any Data Processor’s employee has access to Personal Data, the Data Processor will ensure that such access is relevant with regard to that employee's duties;
  • Ensure that the Authorized Recipients are aware of Applicable Data Protection Laws and are aware of the Data Processor's duties and their personal duties and obligations under Applicable Data Protection Laws as well as this Data Processing Agreement;
  • Impose on the Authorized Recipients and Sub-Processors legally binding confidentiality and security obligations equivalent to those contained in this Data Processing Agreement; and
  • Ensure that the Authorized Recipients and Sub-Processors comply with Applicable Data Protection Laws and document this obligation in writing.

As part of the performance of the Services, the Data Processor is expressly authorized by the Data Controller to appoint one or more Sub-Processors in order to perform Processing operation on Personal Data:

  • Provided that the Data Processor first notifies the Data Controller who may object to such measures within ten (10) days. The Data Controller’s objection must be based on reasonable grounds, for example if the Data Controller can show that the use of the intended Sub-Processor causes significant risks in relation to the protection of the Personal Data. If the Data Controller and the Data Processor are unable to settle the objection, the Data Processor has the right to immediately terminate the Main Agreement, including for the sake of clarity this DPA, by giving the Data Controller written notice to that effect.
  • Provided that a sub-processing agreement is entered into with the Sub-Processor prior to transfer of or access to Personal Data, and that the agreement includes the same obligations relating to the Processing as those set out in this Data Processing Agreement; and
  • Provided that the Data Processor ensures that the Sub-Processor complies with the Personal Data protection and confidentiality obligations set forth in the sub-processing agreement.

Any further sub-contracting relating to the Services does not relieve the Data Processor of its responsibilities and obligations to the Data Controller under this Data Processing Agreement. The Data Processor shall remain fully responsible for the acts and omissions of its sub-processors.


The Data Processor undertakes, in relation with a request to exercise a Data Subject’s rights:

  • To notify the Data Controller within five (5) business days of any request from a Data Subject wishing to exercise his/her rights under Applicable Data Protection Laws, including in particular requests for access, rectification, erasure of Personal Data as well as requests for portability of Personal Data and opposition to Processing;
  • To fully cooperate with the Data Controller in order to answer Data Subjects’ requests to exercise their rights under Applicable Data Protection Laws within reasonable time limits in consideration of their nature and number; and
  • Not to disclose to Data Subjects any Personal Data without consulting and obtaining the prior written consent of the Data Controller.

Any operation carried out by the Data Processor in the context of a request to exercise a right may, if necessary, give rise to additional invoicing with regard to the technical investigations carried out.


The Data Processor may Process Personal Data in a country outside of the EU/EEA provided that the Data Processor first notifies the Data Controller who may object to such measures within ten (10) days. The Data Controller’s objection must be based on reasonable grounds, for example if the Data Controller can show that the destination country causes significant risks in relation to the protection of the Personal Data. 

In any case, transfer of Personal Data shall be achieved by establishing a binding agreement, in accordance with the applicable EU Commission Model Contracts for the transfer of Personal Data to third countries, between the Data Processor and any Sub-Processors. Processing in a country outside the EU/EEA may also take place on the basis of a valid adequacy decision or on the basis of binding corporate rules that have been approved by the relevant supervisory authorities, to the extent the Data Processor and the relevant sub-processors have adopted the same binding corporate rules.


Throughout the Main Agreement’s duration, the Data Controller may identify additional requirements, other than those identified in this Data Processing Agreement, in order to comply with its obligations under Applicable Data Protection Laws.

Where the Data Controller identifies additional requirements, the Parties shall cooperate in good faith to amend the Main Agreement in order to allow the Processing activities to comply with such additional requirements. The costs associated with the implementation of such additional requirements shall be borne by the Data Controller.


The Data Processor shall indemnify the Data Controller for all and any direct damages suffered by the Data Controller in connection with a breach, by the Data Processor, its employees, representatives, agents or Sub-Processors (including Authorized Recipients) of its obligations under this Data Processing Agreement.

The Data Processor commits to implement all necessary and reasonable means to ensure the security of the Processing operations and shall be liable for damages related to a security failure attributable to the Data Processor resulting in the unavailability, loss of traceability, doubt as to the integrity or lack of confidentiality of the Personal Data. It is expressly agreed between the Parties that the absence of risks in terms of computer security does not exist and that the Data Processor is bound in this respect to a strict means obligation, excluding any result obligation.

Each Party shall within reasonable time notify the other Party in writing if it receives a claim for damages or other liability and provide the other Party with sufficient insight to the documentation in order for such Party to prepare its defense and/or limit the damage.

In any event, the Data Processor’s liability for costs, expenses, losses, damages or other liabilities arising out of or in connection with the breach of this Data Processing Agreement (whether by the Data Processor or its employees, representatives, agents or Sub-Processors, the Authorized Recipients) may only be search for one (1) year from knowledge of the damage.


The Data Controller may commission audits aimed at ensuring the proper level of the Data Processor compliance. Said audit will cover the elements referred to in Article 7 of this Data Processing Agreement.

The Data Controller may commission impartial audits for compliance with the Data Protection Regulation to be carried out on the Processing operations implemented for the purpose of performing the Services under the conditions defined below:

  • The audit shall be carried out by an external auditor selected together by the Parties for its expertise, independence and impartiality;
  • The selected auditor shall be bound by a confidentiality agreement and/or by professional secrecy;
  • The Data Controller shall notify the Data Processor in writing, minimum of fifteen (15) working days in advance, of its intention to have a compliance audit conducted;
  • In no way, the audit carried out shall deteriorate or slow down the Services offered by the Data Processor or affect the Data Processor's organizational management. The audit shall not include any actions that could potentially damage the infrastructure hosting the Personal Data or interfere with other Services provided by the Data Processor to other providers;
  • A copy of the audit report shall be provided to the Data Controller as well as to the Data Processor, reporting the results of the audit mission and for which comments may be made by the Parties. This report may, if necessary, be the subject of an in-depth review by a steering committee;
  • The costs of the compliance audit shall be exclusively borne by the Data Controller;
  • The Data Controller may only commission compliance audits up to a maximum of one (1) audit per year; and
  • The Data Processor will have a period of three (3) months from the communication of the audit report to correct, at its own expense, the shortcomings and/or non-compliances observed.

The Data Processor undertakes to allow the selected auditors access to its sites, facilities, documents and information necessary to evaluate its good level of compliance and to cooperate fully with them for the proper performance of their mission.

In the event of a control carried out by a competent Regulatory Authority that may be of interest to the Data Controller's Processing, the Data Processor commits to cooperate fully with the Regulatory Authority.

In the event of a control carried out by a competent Regulatory Authority with regard to the Data Controller, the Data Processor commits to fully assist the Data Controller with regard to the Processing operations carried out under this Data Processing Agreement.

All Personal Data collected for the purposes of audits and controls is considered as "Confidential Information" within the meaning of the Main Agreement.


This Data Processing Agreement may not be amended except in writing signed by the duly authorized representatives of each of the Parties.

If Applicable Data Protection Laws are amended, it is agreed that the Parties may revise the provisions of this Data Processing Agreement and negotiate in good faith with the aim to comply with the updated Applicable Data Protection Laws.



Accessing Data related to a selected mention and performing any action, including posting

  • Data Processor’s governance

Data Protection Officer

Insert the contact details of the data protection officer

Valerie Paris


  • Data Processing Details

Categories of Data Subjects

Please specify the categories of individuals concerned by the Processing carried out by the Data Processor

Any natural person having Personal Data embedded within displayed content

Categories of Personal Data

Please specify which Personal Data will be processed by the Data Processor

Any category of Personal Data embedded within displayed content

Categories of Processing performed

Please specify all the processing activities to be conducted by the Data Processor



Please specify the duration of processing activities

For the entire duration of the Main Agreement

Transfers to third countries

If the Data Processor performs data transfers in outside the European Union, please specify the adequacy system provided to ensure the legality of the data transfer.

No Personal Data transfer to third countries

General Terms and Conditions

Version: November 2020

These general terms of sale (hereafter referred to as the “General Terms of Sale”) for the provision to the Client of the services described on the website www.mention.com (hereafter referred to as the “Website”) or in the Purchase Order, as described below (hereafter referred to as the “Services”) apply to the company Mention Solutions SAS (hereafter referred to as “Mention”), registered under number 790 841 266, at the address 16 Passage Jouffroy, 75009 Paris, France. Their purpose is to define the terms and conditions under which the Services will be supplied to the Client and to describe the parties’ related rights and obligations.

Where applicable, they may be supplemented by a purchase order (hereafter referred to as the “Purchase Order”) or special terms of use for certain Services, which will be considered supplementary to these General Terms of Sale and, in the event of contradiction, will take precedence over the latter. By signing a Purchase Order or accepting these General Terms of Sale during the registration process, you hereby confirm that you are authorised to commit the Client by means of such a procedure.

The Services are intended exclusively for professionals, this being understood as referring to any natural or artificial persons performing a non-occasional paid activity in all branches of industry and business.

1. The Services

The Services refer at all times to the latest up-to-date version of the Web services, the associated software and other related services supplied to the Client by Mention pursuant to these General Terms of Sale and to the Purchase Order where applicable. The Services are proposed on a SaaS basis (Software as a Service), with the various characteristics and functions described on www.Mention.com (hereafter referred to as the “Solution”). The Services may also include supplementary services and modules, including third-party professional services, software and services, as agreed between the Client and Mention. If third-party services are ordered via the Services, the Client may be obliged to accept these third parties’ general terms and conditions in order to access the services. The supplementary professional services are defined in the Purchase Order. Mention is constantly working to develop and improve the Services. Mention reserves the right to introduce new versions, updates and packages for the Services, including but not limited to modifications affecting the design, operating methods, technical specifications, systems and other functions, etc. of the Services at any time without notice. The Client will be informed in advance if Mention considers the changes as being of vital importance to the Client.

2. Accessing the Services, passwords, etc.

Mention protects the Services and it is important that these may be used under fully secure conditions. The Client must ensure that the usernames and passwords of the users with access to the Solution are stored and used in a secure manner and may not be consulted or used by unauthorised third parties. The Client is responsible for any unauthorised use of the usernames and login information of the Client’s users to access the Services. If the Client suspects that an unauthorised person has become aware of a username and/or a password, the Client must immediately inform Mention of this and also change this username and/or password. Mention reserves the right to terminate the Client’s access to the Services at any time if Mention considers that the Client is failing to comply with the General Terms of Sale or that there is a risk to the security of the Solution and the Services.

3. Use of the Services

The Services may be used by the Clients as legally constituted entities and organisations, pursuant to these General Terms of Sale, to the Purchase Order where applicable, and to the administrative and security instructions sent to the Client by Mention such as information via the Services, direct messages to the Client or via the Website. The Client will be responsible for the activities performed by its users, including its employees, consultants, managers, directors, agents or staff within the Services and will use the Services in accordance with all laws applicable to them. Any content uploaded, transferred, displayed publicly, processed or entered in the Services by the Client (hereafter referred to as the “Client Content”) will be considered the sole responsibility and liability of the latter.

The Client must only use Services for internal business purposes and must not: (i) grant licenses or sublicenses, sell, resell, rent, lease, transfer, assign, distribute, time-share or otherwise exploit the Services or make them available to a third-party; (ii) send spam or other unsolicited messages in violation of the applicable laws; (iii) knowingly send or store material containing computer viruses, worms, Trojan horses or any other malicious IT code, files, scripts, agents or malware, or enable a “bot” or other non-approved automated process to interact with the Services; (iv) interfere with or adversely affect the integrity or performance of the Services or the data they contain; (v) attempt to obtain unauthorised access to the Services or to the related systems or networks. The Client must not (i) modify, copy or create derivative works based on the Solution and/or the Services or (ii) disassemble, reverse engineer or decompile the Solution and/or the Services. The Client guarantees Mention that it possesses all necessary rights and authorisations to circulate this Client Content. It undertakes that the said Client Content is legal, does not infringe public order, public policy, public decency or the rights of third parties, does not infringe any legal or regulatory provision and more generally is in no way likely to result in Mention incurring any civil or criminal liability.

4. Mention Content

During the use of the Services, Mention supplies the Client with content when its search results are displayed (hereafter referred to as the “Mention Content”).

This Mention Content results from the aggregation of data by Mention itself or from third parties. This Mention Content may be subject to copyright or other legal protection provided for under the terms of the applicable regulations, preventing the use of the said Mention Content outside the scope of the Services supplied by Mention.

Consequently, the Client acknowledges and accepts that the Mention Content may only be used within the scope of the Services supplied by Mention. Any use by the Client outside the scope of the Services of Mention Content supplied as part of the Services is prohibited.

Any use by the Client of the Mention Content for purposes other than those covered by the Services will be conducted at its own risk, with Mention granting no guarantees and accepting no liability for such use.

5. Client Content

It is extremely important that the rights of third parties are respected when using the Services. Any Client Content uploaded, transferred, circulated, published, processed or entered in the Solution or within the scope of the Services by the Client will be considered the latter’s sole and exclusive liability. This also applies, in all aspects, to the Mention Content produced by Mention as part of the agreed Services supplied to the Client. The Client will be responsible and liable for monitoring its Client Content and will be considered liable vis-à-vis Mention for ensuring that the Client Content it publishes does not in any way affect third parties and does not violate these General Terms of Sale or the applicable law in any manner and that the Client Content is appropriate. The Client must therefore analyse and critically assess its obligations before publishing Client Content via the Services. Among other things, this means that the Client must ensure that via the Client Content it:

  • does not infringe the Terms of Use of Twitter, Facebook, Instagram, Linkedin and any other third-party service which Client accesses when using the Services;
  • does not commit any criminal acts;
  • does not defame, libel, persecute, slander, discriminate against (on the grounds of race, colour, nationality or ethnic origin, religious convictions or sexual orientation, disability or illness for example), threaten or otherwise harm any other person or their rights, by any means;
  •  does not distribute inappropriate, vulgar, offensive, dishonest, unsuitable, racist, pornographic or sexist material via the Client Content;
  •  does not send out or allow to be sent out any unsolicited advertising such as spam, or use the Services in any other manner to transfer or publish Client Content which chiefly comprises concrete business offers and proposals, for example advertising, click offers, price lists or similar content;
  •  does not copy, sell, circulate, publish or use the Mention Content or any other content or material belonging to Mention or other clients or users (if you have not obtained express consent to do so);
  •  does not claim to be someone else or to give a false description of the Client’s connection with another person or organisation in any manner;
  •  does not make available material which the Client is not authorised to publish in accordance with the law, an agreement or any loyalty-related obligation (such as business secrets, insider information or confidential information);
  • does not contravene any applicable data protection legislation; and
  •  does not infringe any patent, trademark, trade secret, copyright, neighbouring rights, protection of designs (whether registered or otherwise), or any other intellectual property right, and does not allow third parties to infringe them.

The Client must also ensure that it possesses the appropriate rights to publish the Client Content via the Services. By publishing the Client Content, the Client guarantees that it possesses these rights. The Client must:

  • have received all required consent from the third parties concerned, or have ensured that another legal basis exists for the processing, in order that the processing, including the publication of the Client Content via the Services, does not infringe the rights of any person or organisation;
  • ensure that there is a sound legal basis for the publication of images of any persons visible in the uploaded images or films, in as far as this is required by law;

The Client holds Mention harmless against any legal action resulting from any Client Content posted in violation of these General Terms of Sale.

At its sole discretion, Mention may delete all or part of the published Client Content without notice at any time, if Mention considers that it violates these General Terms of Sale. Mention must inform the Client of the said deletion and the reason for this.

6. Use of the Client Content by Mention

In order for Mention to be able to supply the Client with the Services, the Client grants Mention a non-exclusive, free, global and otherwise unlimited right to process, use, publish and copy the Client Content and to make it available, whether directly or indirectly, for the purpose of providing the Services to the Client. 

7. The processing of personal data

7.1. The processing of personal data by Mention

The effects of the General Terms of Sale, of the Purchase Order (where applicable) and the use of Services by the Client entail some processing of personal data. The parties must assume various roles and responsibilities concerning the processing of this personal data. For the purpose of processing personal data in a prudent manner compliant with the applicable data protection legislation, including but not limited to the French data protection act (“Law number 78-17 of 6 January 1978 concerning the protection of personal data” as amended) and (EU) regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free circulation of this data (the general data protection regulation or “GDPR”), the parties agree that the attached Data Protection Conditions including the Data Processing Agreement, will be considered an integral and binding part of these General Terms of Sale. In the event of any contradiction with these General Terms of Sale, the Data Protection Conditions / Data Processing Agreement will take precedence.

7.2. The processing of personal data by the Client

In particular, if the Client processes personal data outside the scope of the Services (for example by contacting a person whose contact information has been supplied to the Client as part of the Services, by any means other than those provided as part of the Services), the parties are reminded that this processing is performed under the Client’s sole and exclusive liability, with the Client acting as the data controller. The Client must therefore ensure that the processing of any data complies with the applicable regulations (including in particular the legal basis for the processing and the provision of compulsory information to the data subject) and moreover guarantees Mention against any complaints or claims based on this new processing of the personal data by the Client.

8. Access and security

At its sole discretion, Mention agrees to adopt reasonable measures to ensure that the Services are available on the Internet 24 hours a day, 7 days a week. Mention is entitled to take measures affecting the above-mentioned access when Mention considers this necessary for technical, maintenance, operational or security reasons. The Client acknowledges and accepts that maintenance, updates, bugs and other causes or circumstances, whether planned or unplanned, may result in interruptions to or breakdowns affecting the Services. The Client may visit status.Mention.com to obtain information concerning the current operational status of the services. The Client understands and acknowledges that its access to the Internet cannot be guaranteed and that Mention may under no circumstances be considered liable for any issues with the Client’s Internet-related connections or equipment. Mention must adopt reasonable measures to ensure that the security of the Services complies with the standards applicable in the sector. Mention’s security measures are described in the Security Policy and apply at all times. This Security Policy may be viewed here.

Due to the complexity of the Internet, the unequal performance of different sub-networks, peak use by users of the Solution at certain times and various bottlenecks over which Mention has no control, Mention’s liability will be limited to the operation of its servers, the external limits of which are constituted by their connection points. Mention may not be considered liable for (i) access speeds when accessing its servers, (ii) external slowdowns affecting its servers (iii) poor transmission due to the failure of or problems with these networks. Mention may not be considered liable in the event of intrusions with malicious intent in the storage area reserved for the Client unless it has been demonstrated that the security measures it has introduced were seriously insufficient. Furthermore, Mention may not be considered liable for any lack of vigilance on the part of the Client’s users in maintaining the confidential nature of their usernames and passwords 

9. Assistance services

Mention will provide the Client with assistance services if it has any questions concerning the use of the Services. The contact details and opening times of the assistance service can be found on the Mention Website.

10. Contractual term and termination

The Services are provided in the form of a subscription (hereafter referred to as the “Subscription”). 

The Subscription begins on the date on which the Client supplies its bank details, for a period of 1 (one) month or 1 (one) year according to the subscription period selected by the Client, from date to date, (hereafter referred to as the “Subscription Period”). If the Subscription is made in the form of a Purchase Order, the Subscription is taken out for the period mentioned in the said Purchase Order.

If the Client enters its bank details before the expiry of the free trial period, the Subscription will begin on the date these details are supplied. The Subscription is then automatically renewed for successive periods of a duration identical to the Subscription Period, from date to date, unless cancelled by Mention or by the Client at least 1 (one) week in the case of a monthly Subscription or 90 (ninety) days in the case of an annual Subscription before the expiry of the period concerned. The Subscription must be cancelled:

  • By the Client: by clicking the button provided for this purpose in its Customer Account or by email,
  • By MENTION: by email.

The cancellation of the Subscription will take effect at the end of the last day of the Subscription. 

Once the paid Subscription Period or the free trial period have ended, the Services will be automatically downgraded to those of the “free” Subscription offer. In the case of a free Subscription Period, the Subscription may be terminated by either party subject to the issuing of written notice, or, where applicable, by means of a dedicated button provided for this purpose. 

Mention may always terminate the Subscription with immediate effect earlier than above-mentioned dates if the Client:

  • fails to abide by any of the provisions of these General Terms of Sale, or more generally if the client contravenes any laws or regulations and if it takes no steps to rectify such failings within 30 (thirty) days following the receipt of a written request to this effect from Mention, or
  • goes bankrupt, enters into a settlement agreement, suspends its payments, is the subject of corporate restructuring measures or risks finding itself in a situation of insolvency in any other circumstances.

11. Guarantee limitations and claims

Mention guarantees the Client that the Services will operate in a substantial and material manner in compliance with what is presented on the Mention Website, under normal conditions and circumstances of use, for the intended purposes and for the sole use of the Mention Content as part of the Services. This guarantee does not apply to the trial period for Subscriptions or to the free Subscription. With the exception of the above-mentioned guarantees and in as far as allowed by law, Mention rejects any other guarantee or warranty concerning the Services, whether express or implicit, including but not limited to their adaptation to a particular use, the accuracy or reliability of the results obtained from using the Services, that the Services meet specific requirements, that the Services will not be interrupted, or that they are fully protected or free of computer errors. 

12. Liability limitations, etc.

With the exception of any legal liability which Mention is legally prevented from declining (such as compulsory product-related liability, liability for bodily injury or death, etc.), Mention may not be considered liable for any loss of income, profits or savings, contracts, production, clients, data or other information, and for complaints or claims from third parties, indirect losses and any other consequential losses. Furthermore, Mention’s overall liability within one calendar year may not exceed the amount which the Client has paid Mention during the said calendar year.

Mention is not responsible or liable for ensuring the permanent and uninterrupted availability of the Services or for any other losses or circumstances arising following one of the situations mentioned in Section 8, including a lack of access and security, interruptions, risks and faults.

It should be remembered that Mention is a simple supplier of data aggregation technology. Mention performs no verification of the data issued to the Client via its technology. Consequently, regarding the Mention Content, the third-party services or material, Mention does not guarantee that any Mention Content or any material or service supplied by third parties is totally correct, reliable, complete or accessible, and Mention is not liable for any losses or damage arising from problems with this Mention Content, material or service. The parties are reminded that the Client is only authorised to use the Mention Content for consultation purposes as part of the Services and that any other use of the Mention Content is at the Client’s risk, with no guarantees from Mention.

The Client will defend and compensate Mention for any complaints, claims or proceedings initiated against Mention by a third party arising from the use (or related to the use) of the Services by the Client, including complaints and claims related to the Client Content published by the Client as part of the Services.

13. Prices and payment

In return for the provision of the Solution and the Services, the Client will pay the price stated on the Website according to the offer selected at the time it subscribed to the Services or stated in the Purchase Order. Mention reserves the right to increase its price by a maximum of 5 (five) percent for each renewal period. The Client will be informed of these modifications by Mention by any appropriate written means (including by email) at least 120 (one hundred and twenty) days before the new prices take effect. Once they have taken effect, the new prices will apply when the Subscription renews. Unless stated otherwise in the Purchase Order, payment will be made at the start of each Subscription Period following the issuing of an invoice by Mention, or, where applicable, by credit card. The payment should reach Mention in full within the payment times stated on the invoice or in the Purchase Order where applicable. In the case of late or non-payment by the Client, Mention may invoice it for late payment interest at an interest rate of 8 (eight) percent per annum, in addition to reminder fees and compensation for any recovery costs in addition to those for any other means of redress at Mention’s disposal.

The Client agrees to settle invoices in the currency stated on the invoice, with payment being made to the account stipulated on the invoice.

Without prejudice to its other rights, Mention may temporarily deactivate the Client’s access to the Services in the case of overdue payment exceeding 20 (twenty) days. Additionally, Mention may terminate the Subscription and delete and destroy the Client Content in the case of overdue payment exceeding 40 (forty) days.

In the case of the early termination of this agreement due to non-observance by the Client, the Client is entitled to no reimbursement of any sums paid in advance.

14. Force majeure

Neither of parties may be considered liable for any failings or delays in the performance of their commitments under the terms of these General Terms of Sale if these failings or delays result from a case of force majeure as defined in article 1218 of the French Civil Code. The Parties hereby agree that the term ‘force majeure’ refers to all events normally recognised as such by law and by the French courts, including but not limited to interruptions to or problems with the Internet or networks, telecommunications, power supplies or any other infrastructure, general labour disputes, wars, fires, lightning, epidemics/pandemics, terrorist attacks, DDoS attacks or similar attacks aimed at interrupting the normal movement of data, changes in regulations by the authorities or errors and delays with the services provided by subcontractors due to these circumstances. 


15. Intellectual property rights

All intellectual property rights concerning Mention, the Mention Solution, the Mention Services, the Website and all other related services, such as patents, design patents, design rights, copyrights, neighbouring rights, moral rights, business secrets and know-how, rights concerning databases, trademarks, company names, rights relating to business legislation and any other intellectual property right, in all cases, whether registered or registrable, and all applications for registration of any of the above-mentioned rights in addition to the right to apply for registration and all rights and forms of protection of the same nature or having similar effects worldwide are and will remain the property of Mention or its licence providers. Under no circumstances does the use of Services represent a transfer or assignment of these intellectual property rights to the Client.

The Client expressly acknowledges and accepts that any use of the Mention Content outside of the Services may result in an infringement of intellectual property rights, for which the Client will be considered solely liable. Any Client Content published by the Client via the Services remains the exclusive property of the Client or its respective legal owner. All rights concerning the Mention Content produced by Mention in the Client’s name as part of the professional services supplied will also be considered the property of the Client.

16. Privacy & confidentiality

Both parties agree to treat information which may be considered as the other party’s professional or business secrets (whether in verbal, written or electronic form or in any other form) as private and confidential, unless the party supplying the said information expressly gives its written consent to the contrary. This means that neither party may divulge this information to a third party or use this information for purposes other than the performance or implementation of this agreement. Both parties must also ensure that this commitment is observed and respected by all employees, staff, agents or other persons to whom such information is revealed. This privacy and confidentiality obligation will continue to apply for 2 (two) years after the termination of this agreement. However, the privacy and confidentiality obligations will not apply to information which is widely known or for which a party can demonstrate that it became aware of the information via any means other than these General Terms of Sale. The privacy and confidentiality obligations will also not apply when a party is required to supply the information in compliance with a law, a regulation or a decision by the authorities.

17. Messages

The Client may contact Mention by post at Mention Solutions SAS, 16, Passage Jouffroy, 75009 Paris, France or by e-mail at support@Mention.com. 

When Mention needs to contact the Client, Mention will use the postal address or e-mail address which the client supplied at the time it subscribed to the Services or contained in the Purchase Order. The Client is responsible for ensuring that this contact information is kept up to date.

Mention may also send marketing communications to the Client concerning Mention’s products, services and events.

18. Modifications to the General Terms of Sale 

Mention may modify the General Terms of Sale. If such changes significantly modify the Client’s rights and obligations, the Client will be informed of these changes by email or via information provided within the Services or on the Mention Website. All changes will take effect 1 (one) month after Mention has informed the Client of them, as stated above.

19. Business references

Unless expressly stated in the Purchase Order or notified to Mention by any appropriate written method, the Client authorises Mention to use its name, brand, logo and website details as business references on any media and in any form.

20. The transfer of services

These General Terms of Sale are valid between the parties and cannot be transferred or disposed of without written authorisation. However, Mention may wholly or partially transfer the provision of the Services to another company belonging to the same group as Mention. All rights and obligations existing between the Client and Mention will then apply between the Client and the company assuming the provision of the Services.

21. Applicable law and dispute resolution

Unless other provisions apply concerning the mandatory applicable law, these General Terms of Sale and the relationship between the Client, you and Mention will be interpreted and applied pursuant to French law. Unless otherwise stipulated by the over-riding applicable law, any disputes arising as a result of these General Terms of Sale or the relationship between the parties will be settled by the French general courts and the Tribunal de Commerce de Paris (Paris Commercial Court) in first instance.