Terms and Conditions
Find here every legal detail you need to know about how Mention works.
Version: September 20th, 2019
Mention has appointed Haas Société d’Avocats as its Data Protection Officer (DPO). Haas Société d’Avocats can be contacted via dpo@Mention.com.
How do we process personal data?
In this section, you can read about which personal data we process and why, how it is collected, the processing activities involved, with whom we share the data, including information regarding transfers of personal data outside the EU/EEA and the time period during which we store your data.
We may process your personal data when you directly provide it to us, as a customer or when you interact with us.
We may also process your personal data when we provide our services to our customer. In this situation, our processing is solely due to the fact that personal information about you is included within the content we provide to our customers (ex: your name in your Twitter ID).
2.1. Which personal data do we process?
The categories of personal data we process are the following:
- Name and contact details such as your email address, telephone number, location, professional title, and information regarding the company you represent as well as any agreements you have entered into with us on your or your company’s behalf;
- - Account details, including username/userID, password in encrypted form, information regarding unique identifiers such as API tokens, profile picture, bio, and information relating to other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) you have linked to your user account;
- - Personal and professional preferences, including interests, subscriptions and language settings;
- - Browser information, e.g. type and version of browser, any website from which you have been referred, which time zone you visit us from; pages you visit on our website; your IP-address and a rough location estimate based on your IP-address; information about your web activity or your interaction in emails we send to you; information on your use of our services.
- When your personal data is embedded in the content we display, any data which has been displayed by the initial poster of said content (ex: name, photo).
2.2. Why we process your personal data
In this subsection, we describe when and why we process your personal data. Your personal data will not be used in any manner that is incompatible with the purposes for which they were collected.
2.2.1. Provide our services
We process your personal data to provide you or your company with our services and to communicate with you. This includes providing you access to our different features, administering your account, processing your contact information in connection with entering into or completing an agreement with you or your company, invoicing your company and providing support, training, professional services and general information regarding our services to you. Our processing for the purpose of providing our services is based on our legitimate interest to do so or on your prior consent (where applicable, such as when you sign up for an account).
2.2.2. Improve our services
We process your personal data to improve our services and make them more user friendly (e.g. by testing and troubleshooting, fixing bugs and amending the interface in order for you to easily reach the information that you seek or highlighting popular functions). This includes producing statistics on and analyzing how you use our services and performing market research and customer satisfaction surveys and getting your feedback through other feedback functions. For these purposes, we also use your personal data based on your web activity and activity associated with emails we send to you, including how you use our website and services, your interests, professional title and company and similarities with other users’ interests and user patterns (so called profiling and segmentation). To the extent possible, we use your personal data in an aggregated or anonymized form in this processing.Our processing for the purpose of improving our services is based on our legitimate interest to do so.
2.2.3. Direct marketing
We also use your personal data to communicate with you about our services, to inform you about our terms and conditions and to send you marketing messages. However, marketing messages will only be sent to you if you have opted-in through the double opt-in procedure to receive marketing messages (to the extent such procedure is required by applicable law). You may opt-out from further marketing messages at any time by using the un-subscription link provided in every marketing message. Our processing for the purpose of direct marketing is based on our legitimate interest to promote our services or on your prior consent (such as when you sign up for marketing messages).
2.2.4. Display content to our customers
We may process your personal data when we display content to our customers. By doing this, we may display any information which is already displayed within the source document. For example, if you are the author of a newspaper article and our customer is interested in the topic it covers, your article and your name may be displayed to our customer. Our processing for this purpose is based on our legitimate interest to provide our services to our customers.
In this context, your personal data may originate directly from the original website where said data has been displayed and that Mention has collected, or from one of the data providers which provide us with content to be displayed to our customers.
2.3. How we collect your personal data
2.4. How we share your personal data
The personal data that we collect is shared with other companies in the Mention group as well as with our third party suppliers and other third parties listed below, for the provision of our services, including for our developing and maintenance of the platform. This may involve coordination of your personal data with other registers.
These are the types of third parties with whom we share your personal data:
- – Our customers who access content relating to the mentions they select.
- - Service providers: We use third party service providers to manage some aspects of our business operations. We share personal data with such third parties with regard to IT infrastructure, operating and hosting services, marketing research and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development.
- - Partners: If you use services that are provided by our partners and which are integrated with our services our partners gain access to your personal data. The personal data collected by our partners is covered by their own conditions and policies for processing of personal data.
- - Sale or transfer of business or assets: Your personal data may, to the extent allowed and in accordance with applicable data protection law, be transferred or disclosed to a purchaser or prospective purchaser in the event of a sale, assignment, or other transfer of all or a portion of our business or assets.
- - Persons in your network and the general public: If you choose to publish your personal data when using our services, such as in connection with uploading content, responding to tweets or posts, or making an entry in the comments fields of others, you make this information visible to the general public. If your email address is used to send news bulletins or to publish on Social Media accounts it will become visible to the recipients of the bulletins.
- - For security reasons: We may share your personal data when this is required by law, to protect you or our customers or for the security of our services.
2.5. Transfer of your personal data outside the EU/EEA
When another company in the Mention group, our service providers, partners or any potential purchaser of our business or assets are located in or have business activities in a country outside the EU/EEA, we may transfer your personal data to such countries. In the event of such transfer it will be made in accordance with applicable data protection law, for example by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission or by use of standard contractual clauses that the European Commission has issued ensuring suitable measures to safeguard your rights and freedoms.
You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
You may access the European Commission’s standard contractual clauses at http://eur-lex.europa.eu/eli/dec/2010/87/oj.
2.6. For how long do we store your personal data?
We will only store your personal data for as long as necessary for the purposes they were collected and to fulfill our legal duties to store data otherwise, but no longer than permitted by applicable law.
We have routines in place to remove personal data that is no longer necessary or allowed to store, including removing personal data related to deleted accounts at least once a year.
If your personal data is embedded in the content we display, we will store it for a maximum period of two years before deletion.
We have taken a number of security measures to ensure that the personal data we keep is secure. For example, access to areas where personal data is stored is limited to our employees and service providers who require it in the course of their duties and who are informed of the importance of maintaining the security and confidentiality of the personal data we keep. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities in order to protect your personal data.
4.2. Right of access and rectification
You have the right to information regarding which of your personal data we process and to access and rectify such personal data. You may access and amend some of the information we keep on you through your account settings. To learn more about the information we store about you, please do not hesitate to email privacy@Mention.com and specify which information you request access to or information regarding.
4.3. Right to erasure
You may request that we erase your personal data without undue delay in the following circumstances:
- - the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- - you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
- - you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;
- - the processed personal data is unlawfully processed; or
- - the processed personal data has to be erased for compliance with legal obligations.
We may deny your request if we are prevented from erasing your personal data by requirements set out in applicable laws and regulations (e.g. in relation to accounting and tax legislation) or if they are needed for the establishment, exercise or defence of legal claims. If we cannot meet your request, we will instead restrict the personal data so they cannot be used for another purpose than the purpose preventing the erasure.
- the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
- you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;
- the processed personal data is unlawfully processed; or
- the processed personal data has to be erased for compliance with legal obligations.
4.4. Right to restriction
You have the right to restrict the processing of your personal data in the following circumstances:
- - you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- - the processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- - the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims;
- - you have objected to the processing of the personal data in accordance with section 4.5 below, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
If your personal data has been restricted in accordance with this section they may, with exception of storage, only be processed for the establishment, exercise or defence of legal claims, or for the protection of the rights of a third party or for reasons of important public interest according to EU or EU member state legislation.
- you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- the processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims;
- you have objected to the processing of the personal data in accordance with section 4.5 below, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
4.5. Right to object
You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Your personal data will not be processed for purposes related to direct marketing if you oppose such processing.
If we process your personal data while displaying content to our customers (purpose described in 2.2.4. above), your right to object shall be unconditional and Mention waives its right to oppose its potential compelling legitimate interest.
4.6. Right to data portability
If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
4.7. Right to withdraw consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. You may withdraw your consent through your account settings by deleting your account. Please note that the lawfulness of processing based on consent before its withdrawal is not affected.
4.8. Right to determine the fate of your data upon death
You may send us your instructions on what we should do with your personal data in the event of your death. This could for example ease and fasten personal data transmission to your beneficiary or the deletion of your data.
4.9. Right to file a complaint
You may at any time lodge a complaint with the supervisory authority if you believe that our processing is performed in breach of applicable data protection law. Please note that you are also always welcome to contact us in such event.
4.10. Personal data protection is paramount at Mention.
In order to exercise these rights, email us at email@example.com with the following information:
- Your full name;
- The email address for reply;
- The detailed purpose of your request (what right(s) you would like to exercise);
- A proof of your identity by any means.
Mention’s GDPR team will get back to you as soon as possible.
Version: September 20th, 2019
Mention Solutions SAS, headquarters in Paris (France), is a modern Software-as-a-Service (SaaS) company using third-party cloud-providers and modern agile product development processes to be able to provide a competitive product in a fast-moving landscape.
Mention security measurements are compliant with applicable law and are following industry security standards for cloud services.
Mention is ultimately owned by NHST Media Group AS in Norway, who is governing all companies in the group with an information security policy.
Technical and organisational measures
Mention servers are hosted on OVH, Online by Scaleway and AWS.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
OVH certifications can be found at: https://www.ovh.com/world/about-us/certifications.xml
All our servers are located within EU.
Mention services have a goal of being available 99.99% on a yearly basis. Health status for Mention services can be found on status.mention.com.
Mention is written in the web framework Symfony and has been tried by the open source community in terms of security. Mention Technologies are built in PHP, Go and Python. Applications are running in security patched linux environments.
Employees and consultants at Mention may be granted access to production data by granularity levels. Two-factor authentication is enabled when applicable. Changes to customer’s content through the services are logged.
Mention are performing backup of customer data. Backups of customer data are kept for 30 days for system recovery. Application logs are stored in separate systems and are retained for a longer time for information security consistency.
Mention uses automatic code-tests to ensure that new changes doesn’t break existing functionality. All code is also being reviewed by another person before merged into the master code tree. On top of that we have a manual Q&A process for testing new functionality before it’s being released to production.
Code updates to production environment is done on a daily basis. Each release to production carries information with traceability.
Security & Privacy Governance
Mention have assigned Data Privacy Officers within the company that are governing technical and organisational measures on how we are processing personal data according to applicable law. Mention have designated people that are working together with NHST Media Group to ensure compliance with NHST information security policy.
Employees, contractors, sub-processors
All devices of Mention employees are individually password-protected and encrypted as defined in an internal IT-policy.
Mention has established a routine for managing personal data breaches with an escalation program to ensure that we can notify affected parties as soon as possible and that we can report about an incident within 72 hours to the data authority in France (CNIL).
Version: September 20th, 2019
These Data Protection Terms (the “DPT”) have been entered into by and between Customer and Mention Solution SAS (each a “Party” and collectively the “Parties”). The Parties have agreed as follows:
1.1. Customer and Mention have entered into an agreement regarding Mention’s provision of Services to the Customer (below the “Main Agreement”). These DPT set out and describe different aspects and obligations of the Parties with regard to the Processing of Personal Data that may take place when Customer uses these Services or otherwise as an effect of the Main Agreement.
1.2. Furthermore, the Parties may in respect of their relationship and in relation to the Processing of Personal Data described in Clause 1.1 take on different roles and responsibilities. These DPT clarify when the Parties act as Data Controller and when Mention acts as Data Processor and Processes Personal Data on behalf of Customer, as well as the Parties’ obligations and responsibilities in relation hereto.
1.3. Also, Applicable Data Protection Law stipulates that when a Data Processor Processes Personal Data on behalf of a Data Controller, such relationship shall be governed by a contract. Appendix 1 (the “DPA”) has been established to comply with the requirements on such contracts, for the situation where Mention acts as Data Processor. The DPA forms an integral part of these DPT.
1.4. Terms used herein shall have the same meaning as set out elsewhere in the Main Agreement and as set out in Applicable Data Protection Law.
1.5. With respect of the above, the Parties have agreed as follows.
In these DPT:
“Applicable Data Protection Law”
means any and all data protection laws and regulations applicable from time to time on the Processing of Personal Data under these DPT, Including but not limited to the French Data Protection act ("Loi n°2018-493 on the protection of personal data") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation)(“GDPR”).
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data
means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller.
means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
means any information relating to a Data Subject.
“Processing (of Personal Data)”
means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Obligations and responsibilities
It is important for Mention to safeguard personal integrity and ensure that any Processing of Personal Data within the Services is correct and lawful. Therefore, Mention’s Services may only be used in accordance with Applicable Data Protection Law.
3.2. Processing of Personal Data of the Parties’ employees and/or representatives
3.2.1. Each Party may as an effect of the Main Agreement and these DPT
Process contact information, and possibly also other Personal Data, of the
other Party’s employees and/or representatives. Such Processing may be for
communication and invoicing purposes and otherwise to manage each Party’s
relationship with the other Party. Each Party shall ensure that the other
Party has the right to Process such Personal Data belonging to such
employees and/or representatives of that Party, to the extent necessary for
the first Party’s fulfilment of the Main Agreement and these DPT.
3.2.2. Customer’s employees and/or representatives may create user accounts for their use of Mention’s Services. Mention’s Processing of Personal Data of such Data Subject is, in addition to what is covered by Clause 3.2.1, subject to the direct relationship between Mention and such employee and/or representative and covered by Mention’s relevant terms for user accounts including relevant privacy notice or similar.
3.3. Publishing of Content containing Personal Data on the Mention platform
Customer may publish Content online using Mention’s platform. Customer acts as Data Controller for such Processing to the extent such Content contains Personal Data. Mention is the Data Processor in relation to Customer for the provision of a publishing function on its platform and when Mention publishes Content on Customer’s behalf and instruction.
3.4. The Parties’ obligations in their capacity as Data Controller
3.4.1. Each of the Parties shall, when it acts as Data Controller under these DPT, ensure and be responsible for compliance with the requirements on such Data Controller as set out in Applicable Data Protection Law, including, but not limited to, ensuring a legal ground applicable to its Processing, taking appropriate measures to inform Data Subjects about relevant Processing of Personal Data and facilitating the exercise of Data Subjects’ rights in relation to such Processing. Each of the Parties shall also ensure and be responsible for compliance with any other legislation applicable to its Processing under these DPT. Customer shall thus ensure and be responsible for obtaining consent from Data Subject for send-outs containing marketing messages to the extent such consent is necessary according to applicable law.
3.4.2. Customer shall at all times respect Data Subjects’ exercise of their rights according to Applicable Data Protection Law. Customer may thus not within the Services Process the Personal Data of any Data Subject which has objected to, opted-out from or otherwise opposed such Processing or which has requested the erasure of its Personal Data from the Services.
3.5. Restrictions in relation to Sensitive Personal Data
Customer is aware that the Services are not intended to collect, manage or in any other way Process special categories of Personal Data (so called “Sensitive Personal Data”). Customer is further aware that such Processing is prohibited according to Applicable Data Protection Law, except where an exception set out in such law is applicable. Customer shall, to the extent it Processes special categories of Personal Data in its use of the Services be fully responsible thereto and at all times hold Mention harmless from any liability that may result from Customer’s use of the Services to Process Sensitive Personal Data.
3.6. Restrictions in relation to Personal Data gained access to through the Services
3.6.1. Except for as expressly set out herein, Customer may not, during the term of these DPT or thereafter, to any third parties disclose, misuse or use for any other purpose or in any other way than for its use of the Services, Personal Data gained access to as a result of its use of the Services. For the sake of clarity, such data include, but is not limited to, the following:
Personal Data included in materials produced by Mention’s media monitoring and media analysis services.
3.6.2. Except for as expressly set out herein, Mention may not, during the term of these DPT or thereafter, to any third parties disclose, misuse or use for any other purpose or in any other way than for Customer’s use of the Services Personal Data gained access to from Customer.
3.6.3. The restrictions set out in this Clause 3.7 do not apply to information that is generally known or that the Party subject to the restriction is obliged to provide in accordance with law, regulations or the decisions of the authorities.
3.7. Mention’s Processing of data for the purposes of providing the
Mention may however at all times Process Personal Data and other data that Customer has uploaded to the platform for the purposes of providing its Services, including for improving the Services and ensuring and improving the IT security of the Services. Mention may, for a period of 12 months from the creation of the file, for these purposes create and keep a log file on Customer’s employees’ and/or representatives’ use of and actions within Mention’s Services. Mention acts as Data Controller for such Processing of Personal Data for its own purposes.
4. Obligation to provide contact information of data protection officer
If Customer has appointed a data protection officer, Customer shall provide contact information of such data protection officer to Mention in order for Mention to be able to disclose such contact information to Data Subjects, as the case may be.
5.1. Each Party shall, with the limitations set out in the Main Agreement (Section 11), indemnify and hold the other Party harmless from any and all damages, claims, losses, costs and expenses of any kind which is attributable to the first Party’s Processing of Personal Data in breach of these DPT and/or Applicable Data Protection Law, unless the first Party can show that it, or its sub-processor if applicable, is not in any way accountable.
5.2. Each Party shall within reasonable time notify the other Party in writing if it receives a claim for damages or other liability and provide the other Party with sufficient insight to the documentation in order for such Party to prepare its defence and/or limit the damage.
6. Survival of obligations
On termination of the Main Agreement and accordingly these DPT, regardless of the reason for such termination, provisions contained in these DPT that are expressed or by their sense and context are intended to survive the expiration or termination of these DPT, shall so survive the expiration or termination and continue in full force and effect.
7.1. These DPT, including its Appendix, form an integral part of the Main Agreement and any provisions in the Main Agreement applicable for the subject of these DPT shall apply also in relation hereto. For the sake of clarity, such provisions include, but are not limited to, the provisions in the General Terms and Conditions regarding term and termination (Section 9), limitation of liability (Section 11) and changes to the Main Agreement (Section 17) which shall thus apply also in relation to these DPT. In case of conflict between the Main Agreement and these DPT, these DPT shall however take precedence in relation to the Processing of Personal Data that is subject to these DPT.
Appendix 1 - Data Processing Agreement (the “DPA”)
1.1. Applicable Data Protection Law sets out that when a Data Processor Processes Personal Data on behalf of a Data Controller, such relationship shall be governed by a contract. This DPA has been established to comply with the requirements on such contract and shall apply only when Mention acts as Data Processor on behalf of Customer.
1.2. It follows from Clauses 3.3 and 3.4 of the DPT in which situations that Mention acts as Data Processor on behalf of Customer.
1.3. The type of Personal Data Processed under this DPA, the categories of Data Subjects that the Personal Data concern, and the nature and purpose of the Processing under this DPA are set forth in Clause 3 of the DPT.
2.Processing of Personal Data
2.1. Mention’s general obligations as Data Processor
2.1.1. When Processing Personal Data under this DPA, Mention shall comply with Applicable Data Protection Law.
2.1.2. Mention shall ensure that persons authorised to Process, on behalf of Mention, the Personal Data Processed under this DPA, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.1.3. Taking into account the nature of the Processing, Mention shall assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to requests for exercising Data Subject's rights under Applicable Data Protection Law.
2.1.4. Taking into account the nature of the Processing and the information available to Mention, Mention shall assist Customer in ensuring compliance with Customer’s obligations pursuant to Applicable Data Protection Law, including (where applicable) its obligations to (i) implement appropriate technical and organisational measures, (ii) notify personal data breaches to the supervisory authority, (iii) inform Data Subjects of personal data breaches, (iv) carry out data protection impact assessments, and (v) carry out prior consultation with the supervisory authority.
2.2. Customer’s Instructions
2.2.1. Mention may only Process Personal Data on behalf of Customer in accordance with the documented instructions from Customer, set out in the Main Agreement including, for the sake of clarity, the DPT and this DPA or as otherwise communicated by Customer to Mention, unless required to do so by EU law (including the laws of its member states) to which Mention is subject; in such a case, Mention shall inform Customer of that legal requirement before Processing, unless EU law prohibits Mention from informing Customer on important grounds of public interest.
2.2.2. Mention shall immediately inform Customer if, in its opinion, an instruction is in breach of Applicable Data Protection Law and await further instructions. Customer shall provide Mention with the necessary instructions within reasonable time. If Customer does not provide such instructions Mention may take necessary measures to ensure compliance with Applicable Data Protection Law. For the avoidance of doubt, this does not affect Customer’s responsibility under the Main Agreement including, for the sake of clarity, the DPT and this DPA.
2.3. Duration of Processing
2.3.1. Mention shall Process Customer’s Personal Data under this DPA for the duration of the Main Agreement. Mention shall at all times respect Customer’s request to delete Personal Data Processed under this DPA and shall also at all times respect Data Subject’s opt-out from Contacts (by registering the Data Subject’s email address in order to identify it as blocked from Processing and keeping the request for a reasonable period of time).
2.3.2. Mention shall delete, or at Customer’s request return to Customer, all Personal Data Processed under this DPA after such period of time set out in Clause 2.3.1 of this DPA, including deleting existing copies, unless EU law (including the laws of its member states) requires storage of the Personal Data.
3. Security of Processing
3.1. Mention shall implement appropriate technical and organisational measures in accordance with Applicable Data Protection Law to ensure a level of security appropriate to the risk, including inter alia as appropriate:
the pseudonymisation and encryption of Personal Data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing; and
maintaining, updating and storing logs regarding the Personal Data, maintaining a secure IT environment, and establishing and maintaining physical safety measures and routines. Logs will be stored for 12 months.
3.2. Mention shall be prepared to follow any decisions from the supervisory
authorities regarding measures needed to meet legal security requirements.
3.3. Mention shall notify Customer, without undue delay, after becoming aware of a personal data breach (as defined in Applicable Data Protection Law) affecting the Personal Data Processed under this DPA and provide Customer with any information reasonably required by Customer regarding such personal data breach.
4. Information and audits
Customer shall have the right to obtain information from Mention and to verify the measures taken by Mention in accordance with Clauses 2.1.4 and 3.1 of this DPA. Mention shall allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. The purpose of such audits shall be to verify Mention’s compliance with the obligations laid down in this DPA. Any audits shall be at Customer’s expense but Mention shall provide any required assistance free of charge. Customer may perform an audit or inspection no more than once a year unless special circumstances are at hand, such as if Customer can show that there is reason to believe that Mention is in breach of this DPA.
5.1. Mention may use sub-processors for the Processing of Personal Data under this DPA. Should Mention wish to appoint or replace a sub-processor, Mention must first notify Customer who may object to such measures within ten (10) days. Customer’s objection must be based on reasonable grounds, for example if Customer can show that the use of the intended sub-processor causes significant risks in relation to the protection of the Personal Data. If Customer and Mention are unable to settle the objection, Mention has the right to immediately terminate the Main Agreement, including for the sake of clarity the DPT and this DPA, by giving Customer written notice to that effect.
5.2. In case Mention uses sub-processors, data processing agreements shall be concluded between Mention and such sub-processor. Such data processing agreement shall ensure that the sub-processor undertakes the same obligations regarding protection of Personal Data as set forth in this DPA and shall provide sufficient guarantees that the sub-processor will perform appropriate technical and organisational measures in a manner that ensures that the Processing complies with Applicable Data Protection Law. If Mention uses sub-processors, Mention shall be fully responsible, with the limitations set out in the Main Agreement and the DPT, for the acts and omissions of such sub-processors in relation to Customer.
6. Processing of Personal Data in countries outside EU/EEA
Unless otherwise agreed, Mention may Process Personal Data in a country outside of the EU/EEA. Mention shall then ensure that such Processing at all times complies with Applicable Data Protection Law. This may e.g. be achieved by establishing a binding agreement, in accordance with the applicable EU Commission Model Contracts for the transfer of Personal Data to third countries, between Mention and any sub-processors. Processing in a country outside the EU/EEA may also take place on the basis of a valid adequacy decision, such as the EU-U.S. Privacy Shield Framework, or on the basis of binding corporate rules that have been approved by the relevant supervisory authorities, to the extent Mention and the relevant sub-processors have adopted the same binding corporate rules.
Version: September, 2019
These terms and conditions (the General Terms and Conditions) apply to Mention Solutions SAS’s (Mention) corporate registration number 790 841 266, at the address 16 Passage Jouffroy, 75009 Paris, France, provision of services, (the Services) (as defined in the Order Form) to Customer and state the conditions under which the Services may be used. The General Terms and Conditions represent together with a signed order form (the Order Form) the valid agreement (the Main Agreement) between the parties during the Paid Subscription Period and the Free subscription period (as defined below) . What is stated in the Order Form takes precedence over what is stated in the General Terms and Conditions if the content of the documents should differ. By signing an Order Form, or by accepting these General Terms and Conditions upon a sign up procedure, or in any other way, you hereby confirm that you are authorized to bind the Customer through such execution.
1. The Services
The Services means the at all times current version of the web services, associated software, and other services related thereto provided to the Customer by Mention in accordance with the Main Agreement. The Services are offered as a Software as a Service with the characteristics and features as described at www.Mention.com. In addition, the Services may include additional services and add-ons, including professional services, third party software and services, as agreed between the Customer and Mention. If third party services are ordered through the Services, Customer may be obliged to accept such third party terms and conditions in order to get access to such services.
Agreed professional services will be defined in the Order Form.
Mention is constantly working to develop and improve the Services. Mention reserves the right to implement new versions, upgrades and packaging of the Services including, but not limited to, changes that effect modifications to the design, operational method, technical specifications, systems, and other functions, etc. of the Services, at any time without prior notice. Customer will be informed in advance should Mention assess the changes to be of essential importance for Customer.
2. Access to the Services, Passwords etc
Mention safeguards the Services and it is important that they can be used securely and safely.
The Customer shall ensure that user identities and passwords for accessing the Services are stored and used in a secure manner and cannot be accessed and thereby used by unauthorised third parties. The Customer shall be liable for any unauthorised use of the customer’s user identities to access the Services.
Where it is suspected that any unauthorised person has become aware of a user identity and/or password, the Customer shall immediately inform Mention thereof and also change such user identity and/or password.
Mention reserves the right to close Customer’s access to the Services at any time if Mention considers that Customer is in breach of the Main Agreement or that there is a security risk at hand.
3. Use of the Services
The Services may be used by Customers being legal entities and organisations, and by consumers, and in accordance with the Main Agreement and security and administrative instructions sent to Customer from time to time, such as information via the Services, direct messages to Customer or via www.Mention.com. The Customer shall be responsible for the activities conducted by the Customer (its employees, consultants, directors, agent or any other authorised by Customer) within the Services and shall use the Services in compliance with all applicable laws in conjunction therewith. All Content uploaded to, transferred through, publicly posted, processed or entered into the Services by the Customer shall be the sole responsibility of the Customer.
Customer shall use the Services solely for its internal business purposes and shall not: (i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Services available to any third party (ii) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (iii) knowingly send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs, allow a “bot” or other not approved automated process to interact with the Services; (iv) interfere with or disrupt the integrity or performance of the Services or the data contained therein; or (v) attempt to gain unauthorized access to the Services or its related systems or networks. Customer shall not (i) modify, copy or create derivative works based on the Services or (ii) disassemble, reverse engineer, or decompile the Services.
4. Customer Content
It is of outmost importance that the rights of others are respected in the use of the Services. All Content uploaded to, transferred through, published, processed or entered into the Services by the Customer shall be the sole responsibility of the Customer. This shall also in all aspects be applicable for Content produced by Mention as part of agreed provided professional services to Customer. The Customer shall be responsible for monitoring its Content and shall be liable vis-à-vis Mention for ensuring that Content published by the Customer does not infringe any third party rights nor in any other manner violates the Main Agreement, Mention’s instructions and applicable law, and that the Content otherwise is appropriate. The Customer must therefore analyse and critically assess its obligations before publishing Content via the Services.
Among other things, this means that Customer must ensure that it does not, through Customer’s Content:
- - breach the Terms of Service of Twitter, Facebook , Instagram , Linkedin and any other third party service that Customer accesses through use of the Services;
- - commit a criminal act;
- - slander, defame, persecute, discriminate against (with regard to e.g. race, skin colour, nationality or ethnic origin, religious belief or sexual orientation, disability or illness), threaten or in any other way violate or attack another person or his or her rights;
- - distribute material that is inappropriate, vulgar, offensive, dishonest, unsuitable, racist, pornographic or sexist;
- - send, or allow to be sent, unordered advertising such as spam or otherwise use the Services to transfer or publish Content that mainly consists of concrete commercial offers, e.g. advertisements, click through offers and price lists or similar;
- - copy, sell, disseminate, publish or use Mention’s or any of Mention’s other customer’s or users’ Content or other material (if you have not obtained express consent for this);
- - claim to be anyone else or in any other way give a false description of Customer’s connection with another person or organisation;
- - make available such material that Customer does not have the right to publish according to law or because of an agreement or obligation of loyalty (such as trade secrets, insider information or confidential information);
- - breach any applicable data protection legislation; or
- - infringe, assist in infringing, or enable others to infringe, any patent, trademark, trade secret, copyright, neighbouring rights, registered or unregistered design protection or other intellectual property rights.
Customer must also ensure that it has adequate rights to publish the Content via the Services, and by publishing the Content Customer guarantees to have such rights. Customer is obliged to:
- - have received all necessary consents from relevant third parties, or ensure that there is another legal ground for the processing, so that the processing, including publishing of Content via the Services does not infringe anyone else’s rights;
- - ensure that there is a legal ground for the publishing from all persons who are visible in images or in films uploaded, to the extent required by law;
Mention may at its sole discretion, at any time and without prior notice thereof to Customer, delete, partially or in whole, published Content if Mention assess it to be in breach of the Main Agreement. Mention shall inform Customer about the deletion and the reason for it.
5. Mention’s use of Customer Content
In order for Mention to provide the Services to Customer, Customer hereby gives Mention a non-exclusive, free of charge, global and otherwise unrestricted right to, for the purpose of providing services to Customer, process, use, publish, copy and make available Content, directly or indirectly.
6. Processing of personal data
The effect of the Main Agreement and the Customer’s use of the Services will include certain processing of personal data. The parties will take on different roles and responsibilities with regard to the processing of such personal data. The parties hereby agree, in order to ensure a prudent and correct processing of personal data in relation to applicable data protection legislation, Including but not limited to the French Data Protection act ("Loi n°2018-493 on the protection of personal data") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”), that the attached Data Protection Terms, including Data Processing Agreement shall form an integrated and binding part of these General Terms and Conditions and the Main Agreement. In the event of any conflict between these General Terms and Conditions, the Data Protection Terms/Data Processing Agreement shall prevail.
7. Accessibility and security
Mention undertakes, in its sole discretion, to adopt reasonable measures in order to ensure that the Services are available over the Internet around the clock, seven (7) days a week. Mention shall be entitled to take measures that affect the aforementioned accessibility where Mention deems such to be necessary for technical, maintenance, operational, or security reasons. Customer is aware and accept that maintenance, upgrades, bugs and other planned or unplanned causes or circumstances can lead to interruptions or faults in the Services. Customer can access status.Mention.com to get information on the current operational status of the Services. The Customer is aware and acknowledges that the Customer’s access to the Internet cannot be guaranteed and that Mention shall never be liable for deficiencies in the Customer’s own Internet connections or equipment. Mention shall adopt reasonable measures to ensure that the security of the Services meet relevant industry standards. Mention’s security measures are set forth in the Security Policy as applicable from time to time, which is available on this link.
8. Support service
Should any questions arise about the use of the Services, Mention provides customer support services. Contact information and opening hours of the support service may be found on Mention’s website.
9. Term and termination
The Services, as set out in the Order Form, are available between the dates of subscription start and subscription end as stated in the Order Form (the Paid Subscription Period). The Main Agreement is valid during the Paid Subscription Period. Upon expiration of the Paid Subscription Period, the Paid Subscription and the Main Agreement will be automatically renewed with successive renewal terms at Mention then current terms and conditions (the Renewal Period). If neither party has terminated the Paid Subscription in writing no later than 90 calendar days prior to the Paid Subscription Period ends (or the expiry of the subsequently extended Renewal Periods), the duration of the Paid Subscription Period and the Main Agreement is extended by the same length of time as the Paid Subscription Period.
If no date is stated for subscription end in the Order Form or in an online sign-up form, the Services are available for one (1) month from the date of subscription start and the Main Agreement will then apply during this period.
After the Paid Subscription Period or a cost free trial period has ended, the Services are automatically downgraded to the subscription type “Free”. The Main Agreement is valid during the Free subscription period. The Main Agreement can under a Free subscription period be terminated by either party subject to written notice or, when available, by use of an online module.
Mention may always, with immediate effect, terminate the Main Agreement earlier than what is stated above if Customer
- - significantly or repeatedly fails in obligations under the Main Agreement and do not take action to correct this within 30 days of receipt of a written request to do so from Mention, or
- - enters into bankruptcy, enters into a deed of arrangement, suspends payments, is the subject of a company reconstruction or in any other way may be at risk of becoming insolvent.
10. Limited Warranty and Complaints
Mention warrants to the Customer that the Services will perform substantially and materially in accordance with what is presented on Mention’s website, under normal use and circumstances, and for the purpose intended. This warrant does not apply under any trial period or Free subscriptions. Except for the express warranties set forth above and to the extent permitted by law, Mention disclaims all other warranties with respect to the Services, whether express or implied, including without limitation, fitness for a particular purpose, accuracy or reliability of results from use of the Services, that the Services will meet specific requirements, that the Services will be uninterrupted, completely secure or free of software errors.
If the Services do not fulfil what Mention has guaranteed, Customer may send a complaint to Mention, requesting a reasonable reduction of charged fees for the defective period. Such complaint must include a description of what it is in the Services that Customer finds defective. Such complaint must be submitted to Mention no later than six (6) months after Customer discovered (or ought to have discovered) the defect.
11. Limitation of liability etc.
Except for any legal responsibility that Mention cannot exclude in law (such as mandatory product liability, personal injury or death), Mention is not liable for loss of income, profits and savings, loss of contracts, loss of production, loss of goodwill, loss of data or other information, claims by third parties, consequential loss or any other indirect loss. Further, Mention’s aggregate liability in any one calendar year shall not exceed the sum that Customer has paid Mention during the same calendar year.
Mention is not liable for the permanent and uninterrupted availability of the Services or any other loss or outcome arising from any of the situations, including lack of accessibility and security, interruptions, risks and faults, referenced in Section 7.
With regards to content, material or any third party services, Mention does not guarantee that any content, material or service that is provided by third parties is correct, reliable, complete, accessible or lawful and Mention is not liable for any damage or loss related to defects in such content, material or service.
The Customer shall defend and indemnify Mention for any claim, suit or proceeding brought against Mention by any third party arising out of or connected to Customer’s use of the Services including claims related to Content published by the Customer within the Services.
12. Prices and payment
The Customer shall pay compensation for the Services in accordance with the fees set out in the Order Form or otherwise agreed. Notwithstanding the above, Mention may for each Renewal Period increase its fees with not more than five (5) per cent unless Customer is provided with a notice of new pricing not less than 120 days prior to the applicable Renewal Period. Payment shall, if not otherwise stated in the Order Form, be made in advance, against Mention’s invoice or, if applicable, through the use of a credit card. Payment must reach Mention in full within stipulated payment term set out in the Order Form. If Customer should pay Mention’s invoice late or fails to pay at all, Mention may charge interest for late payment with an interest rate of eight (8) percent per annum, as well as reminder charges and compensation for any debt recovery costs, in addition to any other remedies Mention may have.
The Customer undertakes to make payment of invoices, in the currency stated on the invoice, to the account stated on the invoice.
Without prejudice to its other rights, Mention may temporarily disable the Customer’s access to the Services in the event the Customer has overdue payments in excess of twenty (20) days. In addition, Mention may terminate the Main Agreement, delete and destroy the Customer’s Content in the event of overdue payments in excess of forty (40) days.
In the event of early termination of the Main Agreement due to Customer’s breach the Customer shall not be entitled to a refund of any prepaid fees.
13. Force Majeure
Neither party is responsible for faults or delay in the fulfilment of undertakings according to the Main Agreement if such faults or delays are caused by reasons or circumstances that cannot be controlled including, but not limited to, interruption or fault in the Internet or network, telecommunications, electricity supply or other infrastructure, general labour conflicts, war, fire, lightning strike, terrorist attack, DDoS attacks or similar attacks attempting to disrupt normal data traffic, changes in the regulations of the authorities or faults or delays in services from sub-contractors because of any of these circumstances.
14. Intellectual Property Rights
All intellectual property rights relating to Mention, Mention’s Services, website and other related services, such as patents, design patents, design and pattern rights, copyright, neighbouring rights, moral rights, trade secrets and know-how, rights to databases, trademarks, company names, rights according to marketing legislation and all other intellectual property rights, in all cases regardless of whether registered or registrable, and all applications for registration of any of the above-named rights as well as the right to apply for these, and all rights and forms of protection of a similar character or that have a similar effect as these anywhere in the world, are and remain Mention’s or Mention’s licence providers’ property. Use of the Services does not in any way represent a transfer or assignment of such intellectual property rights to Customer.
All Customer Content published through the Services by the Customer shall remain the sole property of the Customer or its respective legal owner. Any rights to Content produced by Mention on behalf of the Customer as part of provided professional services shall also vest in Customer.
Both parties undertake to treat information that may be considered to be the other party’s business or trade secret (regardless of whether it is verbal, in writing, electronic or in some other form) as confidential, unless the party providing the information gives express written consent otherwise. This means that neither party may divulge such information to a third party or use such information for any purpose other than the fulfilment or implementation of the Main Agreement. Both parties must also ensure that any employees, agents or others that such information is revealed to follow this undertaking. This obligation of confidentiality applies for two (2) years after the Main Agreement has been terminated. The obligation of confidentiality does not however apply to information that is generally known or that a party can demonstrate that the party was aware of by some other means than through the Main Agreement. Neither does the obligation of confidentiality apply when a party is obliged to provide the information in accordance with law, regulations or the decisions of the authorities.
Customer can contact Mention by post to Mention Solutions SAS, 16, Passage Jouffroy, 75009 Paris, France or by e-mail to firstname.lastname@example.org.
When Mention needs to contact Customer, Mention will use the postal address or e-mail address that Customer has provided in the Order Form. Customer is required to make sure that such contact information is updated.
Mention may also send Customer marketing communications regarding Mention products, services and events.
17. Changes to the Terms and Conditions and the Main Agreement
Mention may change the General Terms and Conditions. If such changes materially changes Customer’s right or obligations, the Customer shall be informed of such changes by e-mail, or through information being made available within the Services or on Mention’s web site. Any changes come into force one (1) month after Mention has, as set out above, informed Customer thereof.
18. Transfer of the Services
The Main Agreement is valid between the parties and may not be assigned or transferred unless agreed in writing. However, Mention may, in full or in part, transfer the provision of the Services to another company in the same group as Mention. All rights and obligations that apply between Customer and Mention will then instead apply between the Customer and the company that takes over the Services.
19. Applicable law and disputes
The Main Agreement and the relationship between Customer you and Mention will, unless otherwise stipulated in mandatory applicable law, be interpreted and applied in accordance with French law (although with the exception of such international civil law provisions that involve the application of the law in any other jurisdiction). Disputes arising from the Main Agreement or the relationship between the parties will, unless otherwise stipulated in mandatory applicable law, be decided by the general courts, with the Tribunal de Commerce de Paris as the first instance.