Terms and Conditions
Find here every legal detail you need to know about how Mention works.
Version: January 27th, 2021
During your use of the website https://mention.com/fr/ (hereafter referred to as the “Website”), we may require you to provide us with personal data about yourself, in order for you to be able to use our services.
The purpose of this privacy statement is to tell you more about how we process your personal data.
Who is the data controller?
The data controller is the company Mention Solutions SAS (also referred to as “we”, “us” or “our”), RCS Paris no. 790 841 266, situated at the following address: 16, Passage Jouffroy, 75009 Paris, France
How do we process personal data?
In this section, you can learn more about the personal data we process and why, the manner in which it is collected, the processing activities involved, the persons with whom we share the data, including information concerning the transfer of personal data outside the EU/EEA and the length of time for which we store your data.
2.1. What personal data do we process?
Personal data is defined as any data which makes it possible to identify an individual. The types of personal data we process are the following:
- Your name and contact details, such as your email address, telephone number, location, job title and information about the company you represent and any agreements you have made with us, either in your own name or on behalf of your company;
- Your account details, including the username / user ID, the password in encrypted form, information about unique identifiers such as API tokens, the profile photo, the biography and information concerning other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) which you have linked to your user account;
- Personal and professional preferences including interests, subscriptions and language settings;
- Information about the browser, for example the browser type and version, any website from which you have been referred, the time zone from which you are visiting us; the pages you have visited on our Website; your IP address and an approximate estimate of your location based on your IP address; information concerning your activity on the web or your interaction in the emails we send you; information about your use of our services.
- Transaction-related data (including bank details and data related to your bank card and invoices, etc.)
2.2. Why do we process your personal data?
In this sub-section, we describe when and why we process your personal data. Your data is processed for one or several end purposes. Each end purpose is associated with a legal basis and its corresponding data retention period. Please see the list below. Under no circumstances will your personal data be used in any manner which is incompatible with the end purposes for which it was collected.
Data retention period
The provision of our services available on our Website (access to our various functions and features, the creation and administration of your account, the processing of your contact details for the making or finalisation of any agreement with you or your company, the billing of professional assistance services and training services).
The implementation of the contract we have signed with you or your company.
Once you have created an account on our Website, your data will be stored for the lifetime of your account plus an additional period of 3 years from the date your account is deleted.
Your data may nevertheless be archived for evidential purposes for a period of 5 years.
Concerning your bankcard data, this is stored by our payment services provider for the lifetime of your account.
Data concerning the card security code or CVV2, shown on your bank card is not stored.
Compilation of invoices
Legal and accountancy-related obligations
Stored for a period of 10 years.
Improvements to our services (generating statistics and analysing how you use our services, doing market research and customer satisfaction surveys, obtaining feedback from you)
Your data will be stored for 2 years following the deletion of your account.
Facilitating the use of the Website (including by testing, carrying out breakdown repairs, correcting bugs and modifying the interface, to ensure that you can easily access the information you’re looking for or by highlighting popular functions and features)
The data is stored for 3 years from the date of your last active contact.
Direct marketing (sending our customers general information and marketing messages about our services)
The data is stored for 3 years from the date of your last active contact.
Sending demos to our B2B prospects
Pre-contractual actions undertaken at your request
The data is stored for 3 years from the date of your last active contact.
Sending sales and business-related messages
The data is stored for 3 years from the date of your last active contact.
Receiving your applications for our job vacancies
The data is stored for 2 years from the date of the last contact with the unsuccessful candidate.
Creating a database of existing and prospective customers
If you’re a customer, the data is stored for the lifetime of the business relationship and is deleted upon expiry of a 3-year period following the end of the business relationship.
For prospective customers, the data is stored for 3 years from the date of your last active contact.
Responding to your requests for information
The data is stored for the time required to process your request for information and deleted once the request for information has been processed.
Managing requests to exercise rights
If we request proof of identity from you: we only store it for the time needed to verify your identity. Once the verification is complete, the item of proof in question will be deleted.
If you exercise your right of objection concerning the use of your data for prospection: we will store this information for 3 years.
2.3 How do we share your personal data?
The personal data we collect is shared with other companies belonging to the Mention group and with our third-party suppliers and other third-parties listed below, for the provision of our services, including for platform development and maintenance purposes. This may involve the coordination of your personal data with other registers.
Here are the types of third parties with which we share your personal data:
- Service providers: we use third-party service providers to manage certain aspects of our business operations. We share personal data with these third parties concerning the IT infrastructure, the operation and hosting services, market research and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development.
- Partners and resellers: if you use services supplied by our partners where those services are incorporated into our own services, our partners will have access to your personal data. Similarly, following your free trial, your personal data may be forwarded to our resellers so that you may be referred to the appropriate contacts according to your location. Our list of resellers may be viewed here. Personal data collected by our partners and resellers is covered by their own personal data processing conditions and policies.
- Sale or transfer of the company or its assets: your personal data may be transferred or divulged to a buyer or potential buyer in the event of the sale or transfer of all or part of our activities or assets, in as far as this is allowed and in compliance with the applicable data protection laws.
- People in your network and the general public: if you choose to publish your personal data when using our services, for example when sending content, replying to tweets or messages or entering messages in other people’s comment boxes, you are making this information visible to the general public. If your email address is used to send newsletters or to publish on social media accounts, it will become visible to the recipients of those newsletters.
- For security reasons: we can share your personal data when this is required by law, to protect you or our clients or to ensure the security of our services.
2.4. Transferring your personal data outside the EU/EEA
Your data is stored on the servers located at OVH, Online by Scaleway and AWS for the whole duration of the processing.
Concerning the tools and resources we use (please see 2.3 regarding the recipients of your personal data), your data may be transferred outside the European Union. Such transfers of your data are governed by the following requirements, among others:
- either this data is transferred to a company which has been judged as offering a suitable level of protection by a decision of the European Commission;
- or we have concluded a specific contract with our sub-processors governing the transfers of your data outside the European Union, based on the European Commission’s standard clauses;
- or our sub-processors have put in place other appropriate guarantees under the terms of the personal data protection regulations.
At the following address, you can view the list of countries which, according to the European Commission, offer a suitable level of protection for data: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
You can consult the European Commission’s standard clauses at the following address: http://eur-lex.europa.eu/eli/dec/2010/87/oj.
We have taken a number of security measures to guarantee the security of the personal data we store. For example, access to areas in which personal data is stored is limited to only those of our employees and service providers who need it in the performance of their duties, and who are informed of the importance of ensuring the security and privacy of the personal data we store. We maintain appropriate guarantees and security standards to protect your personal data against any access, disclosure or unauthorised or ill-intentioned use. We also monitor our systems to detect any vulnerabilities, to protect your personal data. We invite you to consult our security policy for further information.
4. Your rights
4.1 Rights of access and rectification
- Right of access: you have the right to access all of your personal data at any time.
- Right of rectification: you have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time.
4.2. Right to deletion
You have the right to demand that your personal data be deleted and to prohibit any future collection
4.3. Right to restriction of processing
You have the right to restrict the processing of your personal data in certain cases defined in Article 18 of the GDPR.
4.4. Right of objection
You have the right to object to the processing of your personal data. Please note however that we may continue processing the said data despite this objection on legitimate grounds or to defend our rights before the courts.
Your personal data will not be processed for purposes related to direct marketing if you object to such processing.
4.5 Right to personal data portability
If you have supplied us with your personal data and the processing of your personal data is based on the performance of a contract with you or pre-contractual measures undertaken at your request, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format in order to be able to forward this to another service provider if this is technically possible and can be performed by automated means.
4.6. Right to submit a complaint to a relevant supervisory authority
At any time, you can submit a complaint to the supervisory authority if you feel that our processing is being performed in violation of the applicable data protection law. Please note that you are still cordially invited to contact us in such a case.
4.7. Point of contact for personal data matters
You can exercise these rights by writing to us at the addresses shown below. When you do so, we may ask you to provide us with additional information or documents to prove your identity.
Contact email address: privacy@Mention.com
Contact postal address: 16, Passage Jouffroy, 75009 Paris
We can modify this policy at any time, including in order to ensure that we comply with any changes in regulations or case law, or editorial or technical changes. These modifications will apply on the date on which the modified version becomes effective. You are therefore invited to regularly consult the latest version of this policy.
Version: September 20th, 2019
Mention Solutions SAS, headquarters in Paris (France), is a modern Software-as-a-Service (SaaS) company using third-party cloud-providers and modern agile product development processes to be able to provide a competitive product in a fast-moving landscape.
Mention security measurements are compliant with applicable law and are following industry security standards for cloud services.
Mention is ultimately owned by NHST Media Group AS in Norway, who is governing all companies in the group with an information security policy.
Technical and organisational measures
Mention servers are hosted on OVH, Online by Scaleway and AWS.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
OVH certifications can be found at: https://www.ovh.com/world/about-us/certifications.xml
All our servers are located within EU.
Mention services have a goal of being available 99.99% on a yearly basis. Health status for Mention services can be found on status.mention.com.
Mention is written in the web framework Symfony and has been tried by the open source community in terms of security. Mention Technologies are built in PHP, Go and Python. Applications are running in security patched linux environments.
Employees and consultants at Mention may be granted access to production data by granularity levels. Two-factor authentication is enabled when applicable. Changes to customer’s content through the services are logged.
Mention are performing backup of customer data. Backups of customer data are kept for 30 days for system recovery. Application logs are stored in separate systems and are retained for a longer time for information security consistency.
Mention uses automatic code-tests to ensure that new changes doesn’t break existing functionality. All code is also being reviewed by another person before merged into the master code tree. On top of that we have a manual Q&A process for testing new functionality before it’s being released to production.
Code updates to production environment is done on a daily basis. Each release to production carries information with traceability.
Security & Privacy Governance
Mention have assigned Data Privacy Officers within the company that are governing technical and organisational measures on how we are processing personal data according to applicable law. Mention have designated people that are working together with NHST Media Group to ensure compliance with NHST information security policy.
Employees, contractors, sub-processors
All devices of Mention employees are individually password-protected and encrypted as defined in an internal IT-policy.
Mention has established a routine for managing personal data breaches with an escalation program to ensure that we can notify affected parties as soon as possible and that we can report about an incident within 72 hours to the data authority in France (CNIL).
Version: September 20th, 2019
These Data Protection Terms (the “DPT”) have been entered into by and between Customer and Mention Solution SAS (each a “Party” and collectively the “Parties”). The Parties have agreed as follows:
1.1. Customer and Mention have entered into an agreement regarding Mention’s provision of Services to the Customer (below the “Main Agreement”). These DPT set out and describe different aspects and obligations of the Parties with regard to the Processing of Personal Data that may take place when Customer uses these Services or otherwise as an effect of the Main Agreement.
1.2. Furthermore, the Parties may in respect of their relationship and in relation to the Processing of Personal Data described in Clause 1.1 take on different roles and responsibilities. These DPT clarify when the Parties act as Data Controller and when Mention acts as Data Processor and Processes Personal Data on behalf of Customer, as well as the Parties’ obligations and responsibilities in relation hereto.
1.3. Also, Applicable Data Protection Law stipulates that when a Data Processor Processes Personal Data on behalf of a Data Controller, such relationship shall be governed by a contract. Appendix 1 (the “DPA”) has been established to comply with the requirements on such contracts, for the situation where Mention acts as Data Processor. The DPA forms an integral part of these DPT.
1.4. Terms used herein shall have the same meaning as set out elsewhere in the Main Agreement and as set out in Applicable Data Protection Law.
1.5. With respect of the above, the Parties have agreed as follows.
In these DPT:
“Applicable Data Protection Law”
means any and all data protection laws and regulations applicable from time to time on the Processing of Personal Data under these DPT, Including but not limited to the French Data Protection act ("Loi n°2018-493 on the protection of personal data") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation)(“GDPR”).
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data
means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller.
means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
means any information relating to a Data Subject.
“Processing (of Personal Data)”
means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Obligations and responsibilities
It is important for Mention to safeguard personal integrity and ensure that any Processing of Personal Data within the Services is correct and lawful. Therefore, Mention’s Services may only be used in accordance with Applicable Data Protection Law.
3.2. Processing of Personal Data of the Parties’ employees and/or representatives
3.2.1. Each Party may as an effect of the Main Agreement and these DPT
Process contact information, and possibly also other Personal Data, of the
other Party’s employees and/or representatives. Such Processing may be for
communication and invoicing purposes and otherwise to manage each Party’s
relationship with the other Party. Each Party shall ensure that the other
Party has the right to Process such Personal Data belonging to such
employees and/or representatives of that Party, to the extent necessary for
the first Party’s fulfilment of the Main Agreement and these DPT.
3.2.2. Customer’s employees and/or representatives may create user accounts for their use of Mention’s Services. Mention’s Processing of Personal Data of such Data Subject is, in addition to what is covered by Clause 3.2.1, subject to the direct relationship between Mention and such employee and/or representative and covered by Mention’s relevant terms for user accounts including relevant privacy notice or similar.
3.3. Publishing of Content containing Personal Data on the Mention platform
Customer may publish Content online using Mention’s platform. Customer acts as Data Controller for such Processing to the extent such Content contains Personal Data. Mention is the Data Processor in relation to Customer for the provision of a publishing function on its platform and when Mention publishes Content on Customer’s behalf and instruction.
3.4. The Parties’ obligations in their capacity as Data Controller
3.4.1. Each of the Parties shall, when it acts as Data Controller under these DPT, ensure and be responsible for compliance with the requirements on such Data Controller as set out in Applicable Data Protection Law, including, but not limited to, ensuring a legal ground applicable to its Processing, taking appropriate measures to inform Data Subjects about relevant Processing of Personal Data and facilitating the exercise of Data Subjects’ rights in relation to such Processing. Each of the Parties shall also ensure and be responsible for compliance with any other legislation applicable to its Processing under these DPT. Customer shall thus ensure and be responsible for obtaining consent from Data Subject for send-outs containing marketing messages to the extent such consent is necessary according to applicable law.
3.4.2. Customer shall at all times respect Data Subjects’ exercise of their rights according to Applicable Data Protection Law. Customer may thus not within the Services Process the Personal Data of any Data Subject which has objected to, opted-out from or otherwise opposed such Processing or which has requested the erasure of its Personal Data from the Services.
3.5. Restrictions in relation to Sensitive Personal Data
Customer is aware that the Services are not intended to collect, manage or in any other way Process special categories of Personal Data (so called “Sensitive Personal Data”). Customer is further aware that such Processing is prohibited according to Applicable Data Protection Law, except where an exception set out in such law is applicable. Customer shall, to the extent it Processes special categories of Personal Data in its use of the Services be fully responsible thereto and at all times hold Mention harmless from any liability that may result from Customer’s use of the Services to Process Sensitive Personal Data.
3.6. Restrictions in relation to Personal Data gained access to through the Services
3.6.1. Except for as expressly set out herein, Customer may not, during the term of these DPT or thereafter, to any third parties disclose, misuse or use for any other purpose or in any other way than for its use of the Services, Personal Data gained access to as a result of its use of the Services. For the sake of clarity, such data include, but is not limited to, the following:
Personal Data included in materials produced by Mention’s media monitoring and media analysis services.
3.6.2. Except for as expressly set out herein, Mention may not, during the term of these DPT or thereafter, to any third parties disclose, misuse or use for any other purpose or in any other way than for Customer’s use of the Services Personal Data gained access to from Customer.
3.6.3. The restrictions set out in this Clause 3.7 do not apply to information that is generally known or that the Party subject to the restriction is obliged to provide in accordance with law, regulations or the decisions of the authorities.
3.7. Mention’s Processing of data for the purposes of providing the
Mention may however at all times Process Personal Data and other data that Customer has uploaded to the platform for the purposes of providing its Services, including for improving the Services and ensuring and improving the IT security of the Services. Mention may, for a period of 12 months from the creation of the file, for these purposes create and keep a log file on Customer’s employees’ and/or representatives’ use of and actions within Mention’s Services. Mention acts as Data Controller for such Processing of Personal Data for its own purposes.
4. Obligation to provide contact information of data protection officer
If Customer has appointed a data protection officer, Customer shall provide contact information of such data protection officer to Mention in order for Mention to be able to disclose such contact information to Data Subjects, as the case may be.
5.1. Each Party shall, with the limitations set out in the Main Agreement (Section 11), indemnify and hold the other Party harmless from any and all damages, claims, losses, costs and expenses of any kind which is attributable to the first Party’s Processing of Personal Data in breach of these DPT and/or Applicable Data Protection Law, unless the first Party can show that it, or its sub-processor if applicable, is not in any way accountable.
5.2. Each Party shall within reasonable time notify the other Party in writing if it receives a claim for damages or other liability and provide the other Party with sufficient insight to the documentation in order for such Party to prepare its defence and/or limit the damage.
6. Survival of obligations
On termination of the Main Agreement and accordingly these DPT, regardless of the reason for such termination, provisions contained in these DPT that are expressed or by their sense and context are intended to survive the expiration or termination of these DPT, shall so survive the expiration or termination and continue in full force and effect.
7.1. These DPT, including its Appendix, form an integral part of the Main Agreement and any provisions in the Main Agreement applicable for the subject of these DPT shall apply also in relation hereto. For the sake of clarity, such provisions include, but are not limited to, the provisions in the General Terms and Conditions regarding term and termination (Section 9), limitation of liability (Section 11) and changes to the Main Agreement (Section 17) which shall thus apply also in relation to these DPT. In case of conflict between the Main Agreement and these DPT, these DPT shall however take precedence in relation to the Processing of Personal Data that is subject to these DPT.
Appendix 1 - Data Processing Agreement (the “DPA”)
1.1. Applicable Data Protection Law sets out that when a Data Processor Processes Personal Data on behalf of a Data Controller, such relationship shall be governed by a contract. This DPA has been established to comply with the requirements on such contract and shall apply only when Mention acts as Data Processor on behalf of Customer.
1.2. It follows from Clauses 3.3 and 3.4 of the DPT in which situations that Mention acts as Data Processor on behalf of Customer.
1.3. The type of Personal Data Processed under this DPA, the categories of Data Subjects that the Personal Data concern, and the nature and purpose of the Processing under this DPA are set forth in Clause 3 of the DPT.
2.Processing of Personal Data
2.1. Mention’s general obligations as Data Processor
2.1.1. When Processing Personal Data under this DPA, Mention shall comply with Applicable Data Protection Law.
2.1.2. Mention shall ensure that persons authorised to Process, on behalf of Mention, the Personal Data Processed under this DPA, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.1.3. Taking into account the nature of the Processing, Mention shall assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to requests for exercising Data Subject's rights under Applicable Data Protection Law.
2.1.4. Taking into account the nature of the Processing and the information available to Mention, Mention shall assist Customer in ensuring compliance with Customer’s obligations pursuant to Applicable Data Protection Law, including (where applicable) its obligations to (i) implement appropriate technical and organisational measures, (ii) notify personal data breaches to the supervisory authority, (iii) inform Data Subjects of personal data breaches, (iv) carry out data protection impact assessments, and (v) carry out prior consultation with the supervisory authority.
2.2. Customer’s Instructions
2.2.1. Mention may only Process Personal Data on behalf of Customer in accordance with the documented instructions from Customer, set out in the Main Agreement including, for the sake of clarity, the DPT and this DPA or as otherwise communicated by Customer to Mention, unless required to do so by EU law (including the laws of its member states) to which Mention is subject; in such a case, Mention shall inform Customer of that legal requirement before Processing, unless EU law prohibits Mention from informing Customer on important grounds of public interest.
2.2.2. Mention shall immediately inform Customer if, in its opinion, an instruction is in breach of Applicable Data Protection Law and await further instructions. Customer shall provide Mention with the necessary instructions within reasonable time. If Customer does not provide such instructions Mention may take necessary measures to ensure compliance with Applicable Data Protection Law. For the avoidance of doubt, this does not affect Customer’s responsibility under the Main Agreement including, for the sake of clarity, the DPT and this DPA.
2.3. Duration of Processing
2.3.1. Mention shall Process Customer’s Personal Data under this DPA for the duration of the Main Agreement. Mention shall at all times respect Customer’s request to delete Personal Data Processed under this DPA and shall also at all times respect Data Subject’s opt-out from Contacts (by registering the Data Subject’s email address in order to identify it as blocked from Processing and keeping the request for a reasonable period of time).
2.3.2. Mention shall delete, or at Customer’s request return to Customer, all Personal Data Processed under this DPA after such period of time set out in Clause 2.3.1 of this DPA, including deleting existing copies, unless EU law (including the laws of its member states) requires storage of the Personal Data.
3. Security of Processing
3.1. Mention shall implement appropriate technical and organisational measures in accordance with Applicable Data Protection Law to ensure a level of security appropriate to the risk, including inter alia as appropriate:
the pseudonymisation and encryption of Personal Data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing; and
maintaining, updating and storing logs regarding the Personal Data, maintaining a secure IT environment, and establishing and maintaining physical safety measures and routines. Logs will be stored for 12 months.
3.2. Mention shall be prepared to follow any decisions from the supervisory
authorities regarding measures needed to meet legal security requirements.
3.3. Mention shall notify Customer, without undue delay, after becoming aware of a personal data breach (as defined in Applicable Data Protection Law) affecting the Personal Data Processed under this DPA and provide Customer with any information reasonably required by Customer regarding such personal data breach.
4. Information and audits
Customer shall have the right to obtain information from Mention and to verify the measures taken by Mention in accordance with Clauses 2.1.4 and 3.1 of this DPA. Mention shall allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. The purpose of such audits shall be to verify Mention’s compliance with the obligations laid down in this DPA. Any audits shall be at Customer’s expense but Mention shall provide any required assistance free of charge. Customer may perform an audit or inspection no more than once a year unless special circumstances are at hand, such as if Customer can show that there is reason to believe that Mention is in breach of this DPA.
5.1. Mention may use sub-processors for the Processing of Personal Data under this DPA. Should Mention wish to appoint or replace a sub-processor, Mention must first notify Customer who may object to such measures within ten (10) days. Customer’s objection must be based on reasonable grounds, for example if Customer can show that the use of the intended sub-processor causes significant risks in relation to the protection of the Personal Data. If Customer and Mention are unable to settle the objection, Mention has the right to immediately terminate the Main Agreement, including for the sake of clarity the DPT and this DPA, by giving Customer written notice to that effect.
5.2. In case Mention uses sub-processors, data processing agreements shall be concluded between Mention and such sub-processor. Such data processing agreement shall ensure that the sub-processor undertakes the same obligations regarding protection of Personal Data as set forth in this DPA and shall provide sufficient guarantees that the sub-processor will perform appropriate technical and organisational measures in a manner that ensures that the Processing complies with Applicable Data Protection Law. If Mention uses sub-processors, Mention shall be fully responsible, with the limitations set out in the Main Agreement and the DPT, for the acts and omissions of such sub-processors in relation to Customer.
6. Processing of Personal Data in countries outside EU/EEA
Unless otherwise agreed, Mention may Process Personal Data in a country outside of the EU/EEA. Mention shall then ensure that such Processing at all times complies with Applicable Data Protection Law. This may e.g. be achieved by establishing a binding agreement, in accordance with the applicable EU Commission Model Contracts for the transfer of Personal Data to third countries, between Mention and any sub-processors. Processing in a country outside the EU/EEA may also take place on the basis of a valid adequacy decision or on the basis of binding corporate rules that have been approved by the relevant supervisory authorities, to the extent Mention and the relevant sub-processors have adopted the same binding corporate rules.
Version: November 2020
These general terms of sale (hereafter referred to as the “General Terms of Sale”) for the provision to the Client of the services described on the website www.mention.com (hereafter referred to as the “Website”) or in the Purchase Order, as described below (hereafter referred to as the “Services”) apply to the company Mention Solutions SAS (hereafter referred to as “Mention”), registered under number 790 841 266, at the address 16 Passage Jouffroy, 75009 Paris, France. Their purpose is to define the terms and conditions under which the Services will be supplied to the Client and to describe the parties’ related rights and obligations.
The Services are intended exclusively for professionals, this being understood as referring to any natural or artificial persons performing a non-occasional paid activity in all branches of industry and business.
1. The Services
The Services refer at all times to the latest up-to-date version of the Web services, the associated software and other related services supplied to the Client by Mention pursuant to these General Terms of Sale and to the Purchase Order where applicable. The Services are proposed on a SaaS basis (Software as a Service), with the various characteristics and functions described on www.Mention.com (hereafter referred to as the “Solution”). The Services may also include supplementary services and modules, including third-party professional services, software and services, as agreed between the Client and Mention. If third-party services are ordered via the Services, the Client may be obliged to accept these third parties’ general terms and conditions in order to access the services. The supplementary professional services are defined in the Purchase Order. Mention is constantly working to develop and improve the Services. Mention reserves the right to introduce new versions, updates and packages for the Services, including but not limited to modifications affecting the design, operating methods, technical specifications, systems and other functions, etc. of the Services at any time without notice. The Client will be informed in advance if Mention considers the changes as being of vital importance to the Client.
2. Accessing the Services, passwords, etc.
Mention protects the Services and it is important that these may be used under fully secure conditions. The Client must ensure that the usernames and passwords of the users with access to the Solution are stored and used in a secure manner and may not be consulted or used by unauthorised third parties. The Client is responsible for any unauthorised use of the usernames and login information of the Client’s users to access the Services. If the Client suspects that an unauthorised person has become aware of a username and/or a password, the Client must immediately inform Mention of this and also change this username and/or password. Mention reserves the right to terminate the Client’s access to the Services at any time if Mention considers that the Client is failing to comply with the General Terms of Sale or that there is a risk to the security of the Solution and the Services.
3. Use of the Services
The Services may be used by the Clients as legally constituted entities and organisations, pursuant to these General Terms of Sale, to the Purchase Order where applicable, and to the administrative and security instructions sent to the Client by Mention such as information via the Services, direct messages to the Client or via the Website. The Client will be responsible for the activities performed by its users, including its employees, consultants, managers, directors, agents or staff within the Services and will use the Services in accordance with all laws applicable to them. Any content uploaded, transferred, displayed publicly, processed or entered in the Services by the Client (hereafter referred to as the “Client Content”) will be considered the sole responsibility and liability of the latter.
The Client must only use Services for internal business purposes and must not: (i) grant licenses or sublicenses, sell, resell, rent, lease, transfer, assign, distribute, time-share or otherwise exploit the Services or make them available to a third-party; (ii) send spam or other unsolicited messages in violation of the applicable laws; (iii) knowingly send or store material containing computer viruses, worms, Trojan horses or any other malicious IT code, files, scripts, agents or malware, or enable a “bot” or other non-approved automated process to interact with the Services; (iv) interfere with or adversely affect the integrity or performance of the Services or the data they contain; (v) attempt to obtain unauthorised access to the Services or to the related systems or networks. The Client must not (i) modify, copy or create derivative works based on the Solution and/or the Services or (ii) disassemble, reverse engineer or decompile the Solution and/or the Services. The Client guarantees Mention that it possesses all necessary rights and authorisations to circulate this Client Content. It undertakes that the said Client Content is legal, does not infringe public order, public policy, public decency or the rights of third parties, does not infringe any legal or regulatory provision and more generally is in no way likely to result in Mention incurring any civil or criminal liability.
4. Mention Content
During the use of the Services, Mention supplies the Client with content when its search results are displayed (hereafter referred to as the “Mention Content”).
This Mention Content results from the aggregation of data by Mention itself or from third parties. This Mention Content may be subject to copyright or other legal protection provided for under the terms of the applicable regulations, preventing the use of the said Mention Content outside the scope of the Services supplied by Mention.
Consequently, the Client acknowledges and accepts that the Mention Content may only be used within the scope of the Services supplied by Mention. Any use by the Client outside the scope of the Services of Mention Content supplied as part of the Services is prohibited.
Any use by the Client of the Mention Content for purposes other than those covered by the Services will be conducted at its own risk, with Mention granting no guarantees and accepting no liability for such use.
5. Client Content
It is extremely important that the rights of third parties are respected when using the Services. Any Client Content uploaded, transferred, circulated, published, processed or entered in the Solution or within the scope of the Services by the Client will be considered the latter’s sole and exclusive liability. This also applies, in all aspects, to the Mention Content produced by Mention as part of the agreed Services supplied to the Client. The Client will be responsible and liable for monitoring its Client Content and will be considered liable vis-à-vis Mention for ensuring that the Client Content it publishes does not in any way affect third parties and does not violate these General Terms of Sale or the applicable law in any manner and that the Client Content is appropriate. The Client must therefore analyse and critically assess its obligations before publishing Client Content via the Services. Among other things, this means that the Client must ensure that via the Client Content it:
- does not commit any criminal acts;
- does not defame, libel, persecute, slander, discriminate against (on the grounds of race, colour, nationality or ethnic origin, religious convictions or sexual orientation, disability or illness for example), threaten or otherwise harm any other person or their rights, by any means;
- does not distribute inappropriate, vulgar, offensive, dishonest, unsuitable, racist, pornographic or sexist material via the Client Content;
- does not send out or allow to be sent out any unsolicited advertising such as spam, or use the Services in any other manner to transfer or publish Client Content which chiefly comprises concrete business offers and proposals, for example advertising, click offers, price lists or similar content;
- does not copy, sell, circulate, publish or use the Mention Content or any other content or material belonging to Mention or other clients or users (if you have not obtained express consent to do so);
- does not claim to be someone else or to give a false description of the Client’s connection with another person or organisation in any manner;
- does not make available material which the Client is not authorised to publish in accordance with the law, an agreement or any loyalty-related obligation (such as business secrets, insider information or confidential information);
- does not contravene any applicable data protection legislation; and
- does not infringe any patent, trademark, trade secret, copyright, neighbouring rights, protection of designs (whether registered or otherwise), or any other intellectual property right, and does not allow third parties to infringe them.
The Client must also ensure that it possesses the appropriate rights to publish the Client Content via the Services. By publishing the Client Content, the Client guarantees that it possesses these rights. The Client must:
- have received all required consent from the third parties concerned, or have ensured that another legal basis exists for the processing, in order that the processing, including the publication of the Client Content via the Services, does not infringe the rights of any person or organisation;
- ensure that there is a sound legal basis for the publication of images of any persons visible in the uploaded images or films, in as far as this is required by law;
The Client holds Mention harmless against any legal action resulting from any Client Content posted in violation of these General Terms of Sale.
At its sole discretion, Mention may delete all or part of the published Client Content without notice at any time, if Mention considers that it violates these General Terms of Sale. Mention must inform the Client of the said deletion and the reason for this.
6. Use of the Client Content by Mention
In order for Mention to be able to supply the Client with the Services, the Client grants Mention a non-exclusive, free, global and otherwise unlimited right to process, use, publish and copy the Client Content and to make it available, whether directly or indirectly, for the purpose of providing the Services to the Client.
7. The processing of personal data
7.1. The processing of personal data by Mention
The effects of the General Terms of Sale, of the Purchase Order (where applicable) and the use of Services by the Client entail some processing of personal data. The parties must assume various roles and responsibilities concerning the processing of this personal data. For the purpose of processing personal data in a prudent manner compliant with the applicable data protection legislation, including but not limited to the French data protection act (“Law number 78-17 of 6 January 1978 concerning the protection of personal data” as amended) and (EU) regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free circulation of this data (the general data protection regulation or “GDPR”), the parties agree that the attached Data Protection Conditions including the Data Processing Agreement, will be considered an integral and binding part of these General Terms of Sale. In the event of any contradiction with these General Terms of Sale, the Data Protection Conditions / Data Processing Agreement will take precedence.
7.2. The processing of personal data by the Client
In particular, if the Client processes personal data outside the scope of the Services (for example by contacting a person whose contact information has been supplied to the Client as part of the Services, by any means other than those provided as part of the Services), the parties are reminded that this processing is performed under the Client’s sole and exclusive liability, with the Client acting as the data controller. The Client must therefore ensure that the processing of any data complies with the applicable regulations (including in particular the legal basis for the processing and the provision of compulsory information to the data subject) and moreover guarantees Mention against any complaints or claims based on this new processing of the personal data by the Client.
8. Access and security
At its sole discretion, Mention agrees to adopt reasonable measures to ensure that the Services are available on the Internet 24 hours a day, 7 days a week. Mention is entitled to take measures affecting the above-mentioned access when Mention considers this necessary for technical, maintenance, operational or security reasons. The Client acknowledges and accepts that maintenance, updates, bugs and other causes or circumstances, whether planned or unplanned, may result in interruptions to or breakdowns affecting the Services. The Client may visit status.Mention.com to obtain information concerning the current operational status of the services. The Client understands and acknowledges that its access to the Internet cannot be guaranteed and that Mention may under no circumstances be considered liable for any issues with the Client’s Internet-related connections or equipment. Mention must adopt reasonable measures to ensure that the security of the Services complies with the standards applicable in the sector. Mention’s security measures are described in the Security Policy and apply at all times. This Security Policy may be viewed here.
Due to the complexity of the Internet, the unequal performance of different sub-networks, peak use by users of the Solution at certain times and various bottlenecks over which Mention has no control, Mention’s liability will be limited to the operation of its servers, the external limits of which are constituted by their connection points. Mention may not be considered liable for (i) access speeds when accessing its servers, (ii) external slowdowns affecting its servers (iii) poor transmission due to the failure of or problems with these networks. Mention may not be considered liable in the event of intrusions with malicious intent in the storage area reserved for the Client unless it has been demonstrated that the security measures it has introduced were seriously insufficient. Furthermore, Mention may not be considered liable for any lack of vigilance on the part of the Client’s users in maintaining the confidential nature of their usernames and passwords
9. Assistance services
Mention will provide the Client with assistance services if it has any questions concerning the use of the Services. The contact details and opening times of the assistance service can be found on the Mention Website.
10. Contractual term and termination
The Services are provided in the form of a subscription (hereafter referred to as the “Subscription”).
The Subscription begins on the date on which the Client supplies its bank details, for a period of 1 (one) month or 1 (one) year according to the subscription period selected by the Client, from date to date, (hereafter referred to as the “Subscription Period”). If the Subscription is made in the form of a Purchase Order, the Subscription is taken out for the period mentioned in the said Purchase Order.
If the Client enters its bank details before the expiry of the free trial period, the Subscription will begin on the date these details are supplied. The Subscription is then automatically renewed for successive periods of a duration identical to the Subscription Period, from date to date, unless cancelled by Mention or by the Client at least 1 (one) week in the case of a monthly Subscription or 90 (ninety) days in the case of an annual Subscription before the expiry of the period concerned. The Subscription must be cancelled:
- By the Client: by clicking the button provided for this purpose in its Customer Account or by email,
- By MENTION: by email.
The cancellation of the Subscription will take effect at the end of the last day of the Subscription.
Once the paid Subscription Period or the free trial period have ended, the Services will be automatically downgraded to those of the “free” Subscription offer. In the case of a free Subscription Period, the Subscription may be terminated by either party subject to the issuing of written notice, or, where applicable, by means of a dedicated button provided for this purpose.
Mention may always terminate the Subscription with immediate effect earlier than above-mentioned dates if the Client:
- fails to abide by any of the provisions of these General Terms of Sale, or more generally if the client contravenes any laws or regulations and if it takes no steps to rectify such failings within 30 (thirty) days following the receipt of a written request to this effect from Mention, or
- goes bankrupt, enters into a settlement agreement, suspends its payments, is the subject of corporate restructuring measures or risks finding itself in a situation of insolvency in any other circumstances.
11. Guarantee limitations and claims
Mention guarantees the Client that the Services will operate in a substantial and material manner in compliance with what is presented on the Mention Website, under normal conditions and circumstances of use, for the intended purposes and for the sole use of the Mention Content as part of the Services. This guarantee does not apply to the trial period for Subscriptions or to the free Subscription. With the exception of the above-mentioned guarantees and in as far as allowed by law, Mention rejects any other guarantee or warranty concerning the Services, whether express or implicit, including but not limited to their adaptation to a particular use, the accuracy or reliability of the results obtained from using the Services, that the Services meet specific requirements, that the Services will not be interrupted, or that they are fully protected or free of computer errors.
12. Liability limitations, etc.
With the exception of any legal liability which Mention is legally prevented from declining (such as compulsory product-related liability, liability for bodily injury or death, etc.), Mention may not be considered liable for any loss of income, profits or savings, contracts, production, clients, data or other information, and for complaints or claims from third parties, indirect losses and any other consequential losses. Furthermore, Mention’s overall liability within one calendar year may not exceed the amount which the Client has paid Mention during the said calendar year.
Mention is not responsible or liable for ensuring the permanent and uninterrupted availability of the Services or for any other losses or circumstances arising following one of the situations mentioned in Section 8, including a lack of access and security, interruptions, risks and faults.
It should be remembered that Mention is a simple supplier of data aggregation technology. Mention performs no verification of the data issued to the Client via its technology. Consequently, regarding the Mention Content, the third-party services or material, Mention does not guarantee that any Mention Content or any material or service supplied by third parties is totally correct, reliable, complete or accessible, and Mention is not liable for any losses or damage arising from problems with this Mention Content, material or service. The parties are reminded that the Client is only authorised to use the Mention Content for consultation purposes as part of the Services and that any other use of the Mention Content is at the Client’s risk, with no guarantees from Mention.
The Client will defend and compensate Mention for any complaints, claims or proceedings initiated against Mention by a third party arising from the use (or related to the use) of the Services by the Client, including complaints and claims related to the Client Content published by the Client as part of the Services.
13. Prices and payment
In return for the provision of the Solution and the Services, the Client will pay the price stated on the Website according to the offer selected at the time it subscribed to the Services or stated in the Purchase Order. Mention reserves the right to increase its price by a maximum of 5 (five) percent for each renewal period. The Client will be informed of these modifications by Mention by any appropriate written means (including by email) at least 120 (one hundred and twenty) days before the new prices take effect. Once they have taken effect, the new prices will apply when the Subscription renews. Unless stated otherwise in the Purchase Order, payment will be made at the start of each Subscription Period following the issuing of an invoice by Mention, or, where applicable, by credit card. The payment should reach Mention in full within the payment times stated on the invoice or in the Purchase Order where applicable. In the case of late or non-payment by the Client, Mention may invoice it for late payment interest at an interest rate of 8 (eight) percent per annum, in addition to reminder fees and compensation for any recovery costs in addition to those for any other means of redress at Mention’s disposal.
The Client agrees to settle invoices in the currency stated on the invoice, with payment being made to the account stipulated on the invoice.
Without prejudice to its other rights, Mention may temporarily deactivate the Client’s access to the Services in the case of overdue payment exceeding 20 (twenty) days. Additionally, Mention may terminate the Subscription and delete and destroy the Client Content in the case of overdue payment exceeding 40 (forty) days.
In the case of the early termination of this agreement due to non-observance by the Client, the Client is entitled to no reimbursement of any sums paid in advance.
14. Force majeure
Neither of parties may be considered liable for any failings or delays in the performance of their commitments under the terms of these General Terms of Sale if these failings or delays result from a case of force majeure as defined in article 1218 of the French Civil Code. The Parties hereby agree that the term ‘force majeure’ refers to all events normally recognised as such by law and by the French courts, including but not limited to interruptions to or problems with the Internet or networks, telecommunications, power supplies or any other infrastructure, general labour disputes, wars, fires, lightning, epidemics/pandemics, terrorist attacks, DDoS attacks or similar attacks aimed at interrupting the normal movement of data, changes in regulations by the authorities or errors and delays with the services provided by subcontractors due to these circumstances.
15. Intellectual property rights
All intellectual property rights concerning Mention, the Mention Solution, the Mention Services, the Website and all other related services, such as patents, design patents, design rights, copyrights, neighbouring rights, moral rights, business secrets and know-how, rights concerning databases, trademarks, company names, rights relating to business legislation and any other intellectual property right, in all cases, whether registered or registrable, and all applications for registration of any of the above-mentioned rights in addition to the right to apply for registration and all rights and forms of protection of the same nature or having similar effects worldwide are and will remain the property of Mention or its licence providers. Under no circumstances does the use of Services represent a transfer or assignment of these intellectual property rights to the Client.
The Client expressly acknowledges and accepts that any use of the Mention Content outside of the Services may result in an infringement of intellectual property rights, for which the Client will be considered solely liable. Any Client Content published by the Client via the Services remains the exclusive property of the Client or its respective legal owner. All rights concerning the Mention Content produced by Mention in the Client’s name as part of the professional services supplied will also be considered the property of the Client.
16. Privacy & confidentiality
Both parties agree to treat information which may be considered as the other party’s professional or business secrets (whether in verbal, written or electronic form or in any other form) as private and confidential, unless the party supplying the said information expressly gives its written consent to the contrary. This means that neither party may divulge this information to a third party or use this information for purposes other than the performance or implementation of this agreement. Both parties must also ensure that this commitment is observed and respected by all employees, staff, agents or other persons to whom such information is revealed. This privacy and confidentiality obligation will continue to apply for 2 (two) years after the termination of this agreement. However, the privacy and confidentiality obligations will not apply to information which is widely known or for which a party can demonstrate that it became aware of the information via any means other than these General Terms of Sale. The privacy and confidentiality obligations will also not apply when a party is required to supply the information in compliance with a law, a regulation or a decision by the authorities.
The Client may contact Mention by post at Mention Solutions SAS, 16, Passage Jouffroy, 75009 Paris, France or by e-mail at support@Mention.com.
When Mention needs to contact the Client, Mention will use the postal address or e-mail address which the client supplied at the time it subscribed to the Services or contained in the Purchase Order. The Client is responsible for ensuring that this contact information is kept up to date.
Mention may also send marketing communications to the Client concerning Mention’s products, services and events.
18. Modifications to the General Terms of Sale
Mention may modify the General Terms of Sale. If such changes significantly modify the Client’s rights and obligations, the Client will be informed of these changes by email or via information provided within the Services or on the Mention Website. All changes will take effect 1 (one) month after Mention has informed the Client of them, as stated above.
19. Business references
Unless expressly stated in the Purchase Order or notified to Mention by any appropriate written method, the Client authorises Mention to use its name, brand, logo and website details as business references on any media and in any form.
20. The transfer of services
These General Terms of Sale are valid between the parties and cannot be transferred or disposed of without written authorisation. However, Mention may wholly or partially transfer the provision of the Services to another company belonging to the same group as Mention. All rights and obligations existing between the Client and Mention will then apply between the Client and the company assuming the provision of the Services.
21. Applicable law and dispute resolution
Unless other provisions apply concerning the mandatory applicable law, these General Terms of Sale and the relationship between the Client, you and Mention will be interpreted and applied pursuant to French law. Unless otherwise stipulated by the over-riding applicable law, any disputes arising as a result of these General Terms of Sale or the relationship between the parties will be settled by the French general courts and the Tribunal de Commerce de Paris (Paris Commercial Court) in first instance.