Terms and Conditions
Find here every legal detail you need to know about how Mention works.
Version: September 20th, 2019
Mention has appointed Haas Société d’Avocats as its Data Protection Officer (DPO). Haas Société d’Avocats can be contacted via dpo@Mention.com.
How do we process personal data?
In this section, you can read about which personal data we process and why, how it is collected, the processing activities involved, with whom we share the data, including information regarding transfers of personal data outside the EU/EEA and the time period during which we store your data.
We may process your personal data when you directly provide it to us, as a customer or when you interact with us.
We may also process your personal data when we provide our services to our customer. In this situation, our processing is solely due to the fact that personal information about you is included within the content we provide to our customers (ex: your name in your Twitter ID).
2.1. Which personal data do we process?
The categories of personal data we process are the following:
- Name and contact details such as your email address, telephone number, location, professional title, and information regarding the company you represent as well as any agreements you have entered into with us on your or your company’s behalf;
- - Account details, including username/userID, password in encrypted form, information regarding unique identifiers such as API tokens, profile picture, bio, and information relating to other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) you have linked to your user account;
- - Personal and professional preferences, including interests, subscriptions and language settings;
- - Browser information, e.g. type and version of browser, any website from which you have been referred, which time zone you visit us from; pages you visit on our website; your IP-address and a rough location estimate based on your IP-address; information about your web activity or your interaction in emails we send to you; information on your use of our services.
- When your personal data is embedded in the content we display, any data which has been displayed by the initial poster of said content (ex: name, photo).
2.2. Why we process your personal data
In this subsection, we describe when and why we process your personal data. Your personal data will not be used in any manner that is incompatible with the purposes for which they were collected.
2.2.1. Provide our services
We process your personal data to provide you or your company with our services and to communicate with you. This includes providing you access to our different features, administering your account, processing your contact information in connection with entering into or completing an agreement with you or your company, invoicing your company and providing support, training, professional services and general information regarding our services to you. Our processing for the purpose of providing our services is based on our legitimate interest to do so or on your prior consent (where applicable, such as when you sign up for an account).
2.2.2. Improve our services
We process your personal data to improve our services and make them more user friendly (e.g. by testing and troubleshooting, fixing bugs and amending the interface in order for you to easily reach the information that you seek or highlighting popular functions). This includes producing statistics on and analyzing how you use our services and performing market research and customer satisfaction surveys and getting your feedback through other feedback functions. For these purposes, we also use your personal data based on your web activity and activity associated with emails we send to you, including how you use our website and services, your interests, professional title and company and similarities with other users’ interests and user patterns (so called profiling and segmentation). To the extent possible, we use your personal data in an aggregated or anonymized form in this processing.Our processing for the purpose of improving our services is based on our legitimate interest to do so.
2.2.3. Direct marketing
We also use your personal data to communicate with you about our services, to inform you about our terms and conditions and to send you marketing messages. However, marketing messages will only be sent to you if you have opted-in through the double opt-in procedure to receive marketing messages (to the extent such procedure is required by applicable law). You may opt-out from further marketing messages at any time by using the un-subscription link provided in every marketing message. Our processing for the purpose of direct marketing is based on our legitimate interest to promote our services or on your prior consent (such as when you sign up for marketing messages).
2.2.4. Display content to our customers
We may process your personal data when we display content to our customers. By doing this, we may display any information which is already displayed within the source document. For example, if you are the author of a newspaper article and our customer is interested in the topic it covers, your article and your name may be displayed to our customer. Our processing for this purpose is based on our legitimate interest to provide our services to our customers.
In this context, your personal data may originate directly from the original website where said data has been displayed and that Mention has collected, or from one of the data providers which provide us with content to be displayed to our customers.
2.3. How we collect your personal data
2.4. How we share your personal data
The personal data that we collect is shared with other companies in the Mention group as well as with our third party suppliers and other third parties listed below, for the provision of our services, including for our developing and maintenance of the platform. This may involve coordination of your personal data with other registers.
These are the types of third parties with whom we share your personal data:
- – Our customers who access content relating to the mentions they select.
- - Service providers: We use third party service providers to manage some aspects of our business operations. We share personal data with such third parties with regard to IT infrastructure, operating and hosting services, marketing research and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development.
- - Partners: If you use services that are provided by our partners and which are integrated with our services our partners gain access to your personal data. The personal data collected by our partners is covered by their own conditions and policies for processing of personal data.
- - Sale or transfer of business or assets: Your personal data may, to the extent allowed and in accordance with applicable data protection law, be transferred or disclosed to a purchaser or prospective purchaser in the event of a sale, assignment, or other transfer of all or a portion of our business or assets.
- - Persons in your network and the general public: If you choose to publish your personal data when using our services, such as in connection with uploading content, responding to tweets or posts, or making an entry in the comments fields of others, you make this information visible to the general public. If your email address is used to send news bulletins or to publish on Social Media accounts it will become visible to the recipients of the bulletins.
- - For security reasons: We may share your personal data when this is required by law, to protect you or our customers or for the security of our services.
2.5. Transfer of your personal data outside the EU/EEA
When another company in the Mention group, our service providers, partners or any potential purchaser of our business or assets are located in or have business activities in a country outside the EU/EEA, we may transfer your personal data to such countries. In the event of such transfer it will be made in accordance with applicable data protection law, for example by ensuring that the country in which the recipient is located ensures an adequate level of data protection according to the European Commission or by use of standard contractual clauses that the European Commission has issued ensuring suitable measures to safeguard your rights and freedoms.
You may access a list of the countries that the European Commission has decided provide an adequate level of data protection at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
You may access the European Commission’s standard contractual clauses at http://eur-lex.europa.eu/eli/dec/2010/87/oj.
2.6. For how long do we store your personal data?
We will only store your personal data for as long as necessary for the purposes they were collected and to fulfill our legal duties to store data otherwise, but no longer than permitted by applicable law.
We have routines in place to remove personal data that is no longer necessary or allowed to store, including removing personal data related to deleted accounts at least once a year.
If your personal data is embedded in the content we display, we will store it for a maximum period of two years before deletion.
We have taken a number of security measures to ensure that the personal data we keep is secure. For example, access to areas where personal data is stored is limited to our employees and service providers who require it in the course of their duties and who are informed of the importance of maintaining the security and confidentiality of the personal data we keep. We maintain appropriate safeguards and security standards to protect your personal data against unauthorized access, disclosure or misuse. We also monitor our systems to discover vulnerabilities in order to protect your personal data.
4.2. Right of access and rectification
You have the right to information regarding which of your personal data we process and to access and rectify such personal data. You may access and amend some of the information we keep on you through your account settings. To learn more about the information we store about you, please do not hesitate to email privacy@Mention.com and specify which information you request access to or information regarding.
4.3. Right to erasure
You may request that we erase your personal data without undue delay in the following circumstances:
- - the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- - you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
- - you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;
- - the processed personal data is unlawfully processed; or
- - the processed personal data has to be erased for compliance with legal obligations.
We may deny your request if we are prevented from erasing your personal data by requirements set out in applicable laws and regulations (e.g. in relation to accounting and tax legislation) or if they are needed for the establishment, exercise or defence of legal claims. If we cannot meet your request, we will instead restrict the personal data so they cannot be used for another purpose than the purpose preventing the erasure.
- the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;
- you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;
- the processed personal data is unlawfully processed; or
- the processed personal data has to be erased for compliance with legal obligations.
4.4. Right to restriction
You have the right to restrict the processing of your personal data in the following circumstances:
- - you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- - the processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- - the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims;
- - you have objected to the processing of the personal data in accordance with section 4.5 below, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
If your personal data has been restricted in accordance with this section they may, with exception of storage, only be processed for the establishment, exercise or defence of legal claims, or for the protection of the rights of a third party or for reasons of important public interest according to EU or EU member state legislation.
- you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;
- the processing is unlawful and you oppose erasure of the personal data and request restriction instead;
- the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims;
- you have objected to the processing of the personal data in accordance with section 4.5 below, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.
4.5. Right to object
You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Your personal data will not be processed for purposes related to direct marketing if you oppose such processing.
If we process your personal data while displaying content to our customers (purpose described in 2.2.4. above), your right to object shall be unconditional and Mention waives its right to oppose its potential compelling legitimate interest.
4.6. Right to data portability
If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.
4.7. Right to withdraw consent
When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. You may withdraw your consent through your account settings by deleting your account. Please note that the lawfulness of processing based on consent before its withdrawal is not affected.
4.8. Right to determine the fate of your data upon death
You may send us your instructions on what we should do with your personal data in the event of your death. This could for example ease and fasten personal data transmission to your beneficiary or the deletion of your data.
4.9. Right to file a complaint
You may at any time lodge a complaint with the supervisory authority if you believe that our processing is performed in breach of applicable data protection law. Please note that you are also always welcome to contact us in such event.
4.10. Personal data protection is paramount at Mention.
In order to exercise these rights, email us at email@example.com with the following information:
- Your full name;
- The email address for reply;
- The detailed purpose of your request (what right(s) you would like to exercise);
- A proof of your identity by any means.
Mention’s GDPR team will get back to you as soon as possible.
Version: September 20th, 2019
Mention Solutions SAS, headquarters in Paris (France), is a modern Software-as-a-Service (SaaS) company using third-party cloud-providers and modern agile product development processes to be able to provide a competitive product in a fast-moving landscape.
Mention security measurements are compliant with applicable law and are following industry security standards for cloud services.
Mention is ultimately owned by NHST Media Group AS in Norway, who is governing all companies in the group with an information security policy.
Technical and organisational measures
Mention servers are hosted on OVH, Online by Scaleway and AWS.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
OVH certifications can be found at: https://www.ovh.com/world/about-us/certifications.xml
All our servers are located within EU.
Mention services have a goal of being available 99.99% on a yearly basis. Health status for Mention services can be found on status.mention.com.
Mention is written in the web framework Symfony and has been tried by the open source community in terms of security. Mention Technologies are built in PHP, Go and Python. Applications are running in security patched linux environments.
Employees and consultants at Mention may be granted access to production data by granularity levels. Two-factor authentication is enabled when applicable. Changes to customer’s content through the services are logged.
Mention are performing backup of customer data. Backups of customer data are kept for 30 days for system recovery. Application logs are stored in separate systems and are retained for a longer time for information security consistency.
Mention uses automatic code-tests to ensure that new changes doesn’t break existing functionality. All code is also being reviewed by another person before merged into the master code tree. On top of that we have a manual Q&A process for testing new functionality before it’s being released to production.
Code updates to production environment is done on a daily basis. Each release to production carries information with traceability.
Security & Privacy Governance
Mention have assigned Data Privacy Officers within the company that are governing technical and organisational measures on how we are processing personal data according to applicable law. Mention have designated people that are working together with NHST Media Group to ensure compliance with NHST information security policy.
Employees, contractors, sub-processors
All devices of Mention employees are individually password-protected and encrypted as defined in an internal IT-policy.
Mention has established a routine for managing personal data breaches with an escalation program to ensure that we can notify affected parties as soon as possible and that we can report about an incident within 72 hours to the data authority in France (CNIL).
Version: September 20th, 2019
These Data Protection Terms (the “DPT”) have been entered into by and between Customer and Mention Solution SAS (each a “Party” and collectively the “Parties”). The Parties have agreed as follows:
1.1. Customer and Mention have entered into an agreement regarding Mention’s provision of Services to the Customer (below the “Main Agreement”). These DPT set out and describe different aspects and obligations of the Parties with regard to the Processing of Personal Data that may take place when Customer uses these Services or otherwise as an effect of the Main Agreement.
1.2. Furthermore, the Parties may in respect of their relationship and in relation to the Processing of Personal Data described in Clause 1.1 take on different roles and responsibilities. These DPT clarify when the Parties act as Data Controller and when Mention acts as Data Processor and Processes Personal Data on behalf of Customer, as well as the Parties’ obligations and responsibilities in relation hereto.
1.3. Also, Applicable Data Protection Law stipulates that when a Data Processor Processes Personal Data on behalf of a Data Controller, such relationship shall be governed by a contract. Appendix 1 (the “DPA”) has been established to comply with the requirements on such contracts, for the situation where Mention acts as Data Processor. The DPA forms an integral part of these DPT.
1.4. Terms used herein shall have the same meaning as set out elsewhere in the Main Agreement and as set out in Applicable Data Protection Law.
1.5. With respect of the above, the Parties have agreed as follows.
In these DPT:
“Applicable Data Protection Law”
means any and all data protection laws and regulations applicable from time to time on the Processing of Personal Data under these DPT, Including but not limited to the French Data Protection act ("Loi n°2018-493 on the protection of personal data") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation)(“GDPR”).
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data
means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller.
means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
means any information relating to a Data Subject.
“Processing (of Personal Data)”
means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Obligations and responsibilities
It is important for Mention to safeguard personal integrity and ensure that any Processing of Personal Data within the Services is correct and lawful. Therefore, Mention’s Services may only be used in accordance with Applicable Data Protection Law.
3.2. Processing of Personal Data of the Parties’ employees and/or representatives
3.2.1. Each Party may as an effect of the Main Agreement and these DPT
Process contact information, and possibly also other Personal Data, of the
other Party’s employees and/or representatives. Such Processing may be for
communication and invoicing purposes and otherwise to manage each Party’s
relationship with the other Party. Each Party shall ensure that the other
Party has the right to Process such Personal Data belonging to such
employees and/or representatives of that Party, to the extent necessary for
the first Party’s fulfilment of the Main Agreement and these DPT.
3.2.2. Customer’s employees and/or representatives may create user accounts for their use of Mention’s Services. Mention’s Processing of Personal Data of such Data Subject is, in addition to what is covered by Clause 3.2.1, subject to the direct relationship between Mention and such employee and/or representative and covered by Mention’s relevant terms for user accounts including relevant privacy notice or similar.
3.3. Publishing of Content containing Personal Data on the Mention platform
Customer may publish Content online using Mention’s platform. Customer acts as Data Controller for such Processing to the extent such Content contains Personal Data. Mention is the Data Processor in relation to Customer for the provision of a publishing function on its platform and when Mention publishes Content on Customer’s behalf and instruction.
3.4. The Parties’ obligations in their capacity as Data Controller
3.4.1. Each of the Parties shall, when it acts as Data Controller under these DPT, ensure and be responsible for compliance with the requirements on such Data Controller as set out in Applicable Data Protection Law, including, but not limited to, ensuring a legal ground applicable to its Processing, taking appropriate measures to inform Data Subjects about relevant Processing of Personal Data and facilitating the exercise of Data Subjects’ rights in relation to such Processing. Each of the Parties shall also ensure and be responsible for compliance with any other legislation applicable to its Processing under these DPT. Customer shall thus ensure and be responsible for obtaining consent from Data Subject for send-outs containing marketing messages to the extent such consent is necessary according to applicable law.
3.4.2. Customer shall at all times respect Data Subjects’ exercise of their rights according to Applicable Data Protection Law. Customer may thus not within the Services Process the Personal Data of any Data Subject which has objected to, opted-out from or otherwise opposed such Processing or which has requested the erasure of its Personal Data from the Services.
3.5. Restrictions in relation to Sensitive Personal Data
Customer is aware that the Services are not intended to collect, manage or in any other way Process special categories of Personal Data (so called “Sensitive Personal Data”). Customer is further aware that such Processing is prohibited according to Applicable Data Protection Law, except where an exception set out in such law is applicable. Customer shall, to the extent it Processes special categories of Personal Data in its use of the Services be fully responsible thereto and at all times hold Mention harmless from any liability that may result from Customer’s use of the Services to Process Sensitive Personal Data.
3.6. Restrictions in relation to Personal Data gained access to through the Services
3.6.1. Except for as expressly set out herein, Customer may not, during the term of these DPT or thereafter, to any third parties disclose, misuse or use for any other purpose or in any other way than for its use of the Services, Personal Data gained access to as a result of its use of the Services. For the sake of clarity, such data include, but is not limited to, the following:
Personal Data included in materials produced by Mention’s media monitoring and media analysis services.
3.6.2. Except for as expressly set out herein, Mention may not, during the term of these DPT or thereafter, to any third parties disclose, misuse or use for any other purpose or in any other way than for Customer’s use of the Services Personal Data gained access to from Customer.
3.6.3. The restrictions set out in this Clause 3.7 do not apply to information that is generally known or that the Party subject to the restriction is obliged to provide in accordance with law, regulations or the decisions of the authorities.
3.7. Mention’s Processing of data for the purposes of providing the
Mention may however at all times Process Personal Data and other data that Customer has uploaded to the platform for the purposes of providing its Services, including for improving the Services and ensuring and improving the IT security of the Services. Mention may, for a period of 12 months from the creation of the file, for these purposes create and keep a log file on Customer’s employees’ and/or representatives’ use of and actions within Mention’s Services. Mention acts as Data Controller for such Processing of Personal Data for its own purposes.
4. Obligation to provide contact information of data protection officer
If Customer has appointed a data protection officer, Customer shall provide contact information of such data protection officer to Mention in order for Mention to be able to disclose such contact information to Data Subjects, as the case may be.
5.1. Each Party shall, with the limitations set out in the Main Agreement (Section 11), indemnify and hold the other Party harmless from any and all damages, claims, losses, costs and expenses of any kind which is attributable to the first Party’s Processing of Personal Data in breach of these DPT and/or Applicable Data Protection Law, unless the first Party can show that it, or its sub-processor if applicable, is not in any way accountable.
5.2. Each Party shall within reasonable time notify the other Party in writing if it receives a claim for damages or other liability and provide the other Party with sufficient insight to the documentation in order for such Party to prepare its defence and/or limit the damage.
6. Survival of obligations
On termination of the Main Agreement and accordingly these DPT, regardless of the reason for such termination, provisions contained in these DPT that are expressed or by their sense and context are intended to survive the expiration or termination of these DPT, shall so survive the expiration or termination and continue in full force and effect.
7.1. These DPT, including its Appendix, form an integral part of the Main Agreement and any provisions in the Main Agreement applicable for the subject of these DPT shall apply also in relation hereto. For the sake of clarity, such provisions include, but are not limited to, the provisions in the General Terms and Conditions regarding term and termination (Section 9), limitation of liability (Section 11) and changes to the Main Agreement (Section 17) which shall thus apply also in relation to these DPT. In case of conflict between the Main Agreement and these DPT, these DPT shall however take precedence in relation to the Processing of Personal Data that is subject to these DPT.
Appendix 1 - Data Processing Agreement (the “DPA”)
1.1. Applicable Data Protection Law sets out that when a Data Processor Processes Personal Data on behalf of a Data Controller, such relationship shall be governed by a contract. This DPA has been established to comply with the requirements on such contract and shall apply only when Mention acts as Data Processor on behalf of Customer.
1.2. It follows from Clauses 3.3 and 3.4 of the DPT in which situations that Mention acts as Data Processor on behalf of Customer.
1.3. The type of Personal Data Processed under this DPA, the categories of Data Subjects that the Personal Data concern, and the nature and purpose of the Processing under this DPA are set forth in Clause 3 of the DPT.
2.Processing of Personal Data
2.1. Mention’s general obligations as Data Processor
2.1.1. When Processing Personal Data under this DPA, Mention shall comply with Applicable Data Protection Law.
2.1.2. Mention shall ensure that persons authorised to Process, on behalf of Mention, the Personal Data Processed under this DPA, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.1.3. Taking into account the nature of the Processing, Mention shall assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to requests for exercising Data Subject's rights under Applicable Data Protection Law.
2.1.4. Taking into account the nature of the Processing and the information available to Mention, Mention shall assist Customer in ensuring compliance with Customer’s obligations pursuant to Applicable Data Protection Law, including (where applicable) its obligations to (i) implement appropriate technical and organisational measures, (ii) notify personal data breaches to the supervisory authority, (iii) inform Data Subjects of personal data breaches, (iv) carry out data protection impact assessments, and (v) carry out prior consultation with the supervisory authority.
2.2. Customer’s Instructions
2.2.1. Mention may only Process Personal Data on behalf of Customer in accordance with the documented instructions from Customer, set out in the Main Agreement including, for the sake of clarity, the DPT and this DPA or as otherwise communicated by Customer to Mention, unless required to do so by EU law (including the laws of its member states) to which Mention is subject; in such a case, Mention shall inform Customer of that legal requirement before Processing, unless EU law prohibits Mention from informing Customer on important grounds of public interest.
2.2.2. Mention shall immediately inform Customer if, in its opinion, an instruction is in breach of Applicable Data Protection Law and await further instructions. Customer shall provide Mention with the necessary instructions within reasonable time. If Customer does not provide such instructions Mention may take necessary measures to ensure compliance with Applicable Data Protection Law. For the avoidance of doubt, this does not affect Customer’s responsibility under the Main Agreement including, for the sake of clarity, the DPT and this DPA.
2.3. Duration of Processing
2.3.1. Mention shall Process Customer’s Personal Data under this DPA for the duration of the Main Agreement. Mention shall at all times respect Customer’s request to delete Personal Data Processed under this DPA and shall also at all times respect Data Subject’s opt-out from Contacts (by registering the Data Subject’s email address in order to identify it as blocked from Processing and keeping the request for a reasonable period of time).
2.3.2. Mention shall delete, or at Customer’s request return to Customer, all Personal Data Processed under this DPA after such period of time set out in Clause 2.3.1 of this DPA, including deleting existing copies, unless EU law (including the laws of its member states) requires storage of the Personal Data.
3. Security of Processing
3.1. Mention shall implement appropriate technical and organisational measures in accordance with Applicable Data Protection Law to ensure a level of security appropriate to the risk, including inter alia as appropriate:
the pseudonymisation and encryption of Personal Data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing; and
maintaining, updating and storing logs regarding the Personal Data, maintaining a secure IT environment, and establishing and maintaining physical safety measures and routines. Logs will be stored for 12 months.
3.2. Mention shall be prepared to follow any decisions from the supervisory
authorities regarding measures needed to meet legal security requirements.
3.3. Mention shall notify Customer, without undue delay, after becoming aware of a personal data breach (as defined in Applicable Data Protection Law) affecting the Personal Data Processed under this DPA and provide Customer with any information reasonably required by Customer regarding such personal data breach.
4. Information and audits
Customer shall have the right to obtain information from Mention and to verify the measures taken by Mention in accordance with Clauses 2.1.4 and 3.1 of this DPA. Mention shall allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. The purpose of such audits shall be to verify Mention’s compliance with the obligations laid down in this DPA. Any audits shall be at Customer’s expense but Mention shall provide any required assistance free of charge. Customer may perform an audit or inspection no more than once a year unless special circumstances are at hand, such as if Customer can show that there is reason to believe that Mention is in breach of this DPA.
5.1. Mention may use sub-processors for the Processing of Personal Data under this DPA. Should Mention wish to appoint or replace a sub-processor, Mention must first notify Customer who may object to such measures within ten (10) days. Customer’s objection must be based on reasonable grounds, for example if Customer can show that the use of the intended sub-processor causes significant risks in relation to the protection of the Personal Data. If Customer and Mention are unable to settle the objection, Mention has the right to immediately terminate the Main Agreement, including for the sake of clarity the DPT and this DPA, by giving Customer written notice to that effect.
5.2. In case Mention uses sub-processors, data processing agreements shall be concluded between Mention and such sub-processor. Such data processing agreement shall ensure that the sub-processor undertakes the same obligations regarding protection of Personal Data as set forth in this DPA and shall provide sufficient guarantees that the sub-processor will perform appropriate technical and organisational measures in a manner that ensures that the Processing complies with Applicable Data Protection Law. If Mention uses sub-processors, Mention shall be fully responsible, with the limitations set out in the Main Agreement and the DPT, for the acts and omissions of such sub-processors in relation to Customer.
6. Processing of Personal Data in countries outside EU/EEA
Unless otherwise agreed, Mention may Process Personal Data in a country outside of the EU/EEA. Mention shall then ensure that such Processing at all times complies with Applicable Data Protection Law. This may e.g. be achieved by establishing a binding agreement, in accordance with the applicable EU Commission Model Contracts for the transfer of Personal Data to third countries, between Mention and any sub-processors. Processing in a country outside the EU/EEA may also take place on the basis of a valid adequacy decision or on the basis of binding corporate rules that have been approved by the relevant supervisory authorities, to the extent Mention and the relevant sub-processors have adopted the same binding corporate rules.
Version: November 2020
These general terms of sale (hereafter referred to as the “General Terms of Sale”) for the provision to the Client of the services described on the website www.mention.com (hereafter referred to as the “Website”) or in the Purchase Order, as described below (hereafter referred to as the “Services”) apply to the company Mention Solutions SAS (hereafter referred to as “Mention”), registered under number 790 841 266, at the address 16 Passage Jouffroy, 75009 Paris, France. Their purpose is to define the terms and conditions under which the Services will be supplied to the Client and to describe the parties’ related rights and obligations.
The Services are intended exclusively for professionals, this being understood as referring to any natural or artificial persons performing a non-occasional paid activity in all branches of industry and business.
1. The Services
The Services refer at all times to the latest up-to-date version of the Web services, the associated software and other related services supplied to the Client by Mention pursuant to these General Terms of Sale and to the Purchase Order where applicable. The Services are proposed on a SaaS basis (Software as a Service), with the various characteristics and functions described on www.Mention.com (hereafter referred to as the “Solution”). The Services may also include supplementary services and modules, including third-party professional services, software and services, as agreed between the Client and Mention. If third-party services are ordered via the Services, the Client may be obliged to accept these third parties’ general terms and conditions in order to access the services. The supplementary professional services are defined in the Purchase Order. Mention is constantly working to develop and improve the Services. Mention reserves the right to introduce new versions, updates and packages for the Services, including but not limited to modifications affecting the design, operating methods, technical specifications, systems and other functions, etc. of the Services at any time without notice. The Client will be informed in advance if Mention considers the changes as being of vital importance to the Client.
2. Accessing the Services, passwords, etc.
Mention protects the Services and it is important that these may be used under fully secure conditions. The Client must ensure that the usernames and passwords of the users with access to the Solution are stored and used in a secure manner and may not be consulted or used by unauthorised third parties. The Client is responsible for any unauthorised use of the usernames and login information of the Client’s users to access the Services. If the Client suspects that an unauthorised person has become aware of a username and/or a password, the Client must immediately inform Mention of this and also change this username and/or password. Mention reserves the right to terminate the Client’s access to the Services at any time if Mention considers that the Client is failing to comply with the General Terms of Sale or that there is a risk to the security of the Solution and the Services.
3. Use of the Services
The Services may be used by the Clients as legally constituted entities and organisations, pursuant to these General Terms of Sale, to the Purchase Order where applicable, and to the administrative and security instructions sent to the Client by Mention such as information via the Services, direct messages to the Client or via the Website. The Client will be responsible for the activities performed by its users, including its employees, consultants, managers, directors, agents or staff within the Services and will use the Services in accordance with all laws applicable to them. Any content uploaded, transferred, displayed publicly, processed or entered in the Services by the Client (hereafter referred to as the “Client Content”) will be considered the sole responsibility and liability of the latter.
The Client must only use Services for internal business purposes and must not: (i) grant licenses or sublicenses, sell, resell, rent, lease, transfer, assign, distribute, time-share or otherwise exploit the Services or make them available to a third-party; (ii) send spam or other unsolicited messages in violation of the applicable laws; (iii) knowingly send or store material containing computer viruses, worms, Trojan horses or any other malicious IT code, files, scripts, agents or malware, or enable a “bot” or other non-approved automated process to interact with the Services; (iv) interfere with or adversely affect the integrity or performance of the Services or the data they contain; (v) attempt to obtain unauthorised access to the Services or to the related systems or networks. The Client must not (i) modify, copy or create derivative works based on the Solution and/or the Services or (ii) disassemble, reverse engineer or decompile the Solution and/or the Services. The Client guarantees Mention that it possesses all necessary rights and authorisations to circulate this Client Content. It undertakes that the said Client Content is legal, does not infringe public order, public policy, public decency or the rights of third parties, does not infringe any legal or regulatory provision and more generally is in no way likely to result in Mention incurring any civil or criminal liability.
4. Mention Content
During the use of the Services, Mention supplies the Client with content when its search results are displayed (hereafter referred to as the “Mention Content”).
This Mention Content results from the aggregation of data by Mention itself or from third parties. This Mention Content may be subject to copyright or other legal protection provided for under the terms of the applicable regulations, preventing the use of the said Mention Content outside the scope of the Services supplied by Mention.
Consequently, the Client acknowledges and accepts that the Mention Content may only be used within the scope of the Services supplied by Mention. Any use by the Client outside the scope of the Services of Mention Content supplied as part of the Services is prohibited.
Any use by the Client of the Mention Content for purposes other than those covered by the Services will be conducted at its own risk, with Mention granting no guarantees and accepting no liability for such use.
5. Client Content
It is extremely important that the rights of third parties are respected when using the Services. Any Client Content uploaded, transferred, circulated, published, processed or entered in the Solution or within the scope of the Services by the Client will be considered the latter’s sole and exclusive liability. This also applies, in all aspects, to the Mention Content produced by Mention as part of the agreed Services supplied to the Client. The Client will be responsible and liable for monitoring its Client Content and will be considered liable vis-à-vis Mention for ensuring that the Client Content it publishes does not in any way affect third parties and does not violate these General Terms of Sale or the applicable law in any manner and that the Client Content is appropriate. The Client must therefore analyse and critically assess its obligations before publishing Client Content via the Services. Among other things, this means that the Client must ensure that via the Client Content it:
- does not commit any criminal acts;
- does not defame, libel, persecute, slander, discriminate against (on the grounds of race, colour, nationality or ethnic origin, religious convictions or sexual orientation, disability or illness for example), threaten or otherwise harm any other person or their rights, by any means;
- does not distribute inappropriate, vulgar, offensive, dishonest, unsuitable, racist, pornographic or sexist material via the Client Content;
- does not send out or allow to be sent out any unsolicited advertising such as spam, or use the Services in any other manner to transfer or publish Client Content which chiefly comprises concrete business offers and proposals, for example advertising, click offers, price lists or similar content;
- does not copy, sell, circulate, publish or use the Mention Content or any other content or material belonging to Mention or other clients or users (if you have not obtained express consent to do so);
- does not claim to be someone else or to give a false description of the Client’s connection with another person or organisation in any manner;
- does not make available material which the Client is not authorised to publish in accordance with the law, an agreement or any loyalty-related obligation (such as business secrets, insider information or confidential information);
- does not contravene any applicable data protection legislation; and
- does not infringe any patent, trademark, trade secret, copyright, neighbouring rights, protection of designs (whether registered or otherwise), or any other intellectual property right, and does not allow third parties to infringe them.
The Client must also ensure that it possesses the appropriate rights to publish the Client Content via the Services. By publishing the Client Content, the Client guarantees that it possesses these rights. The Client must:
- have received all required consent from the third parties concerned, or have ensured that another legal basis exists for the processing, in order that the processing, including the publication of the Client Content via the Services, does not infringe the rights of any person or organisation;
- ensure that there is a sound legal basis for the publication of images of any persons visible in the uploaded images or films, in as far as this is required by law;
The Client holds Mention harmless against any legal action resulting from any Client Content posted in violation of these General Terms of Sale.
At its sole discretion, Mention may delete all or part of the published Client Content without notice at any time, if Mention considers that it violates these General Terms of Sale. Mention must inform the Client of the said deletion and the reason for this.
6. Use of the Client Content by Mention
In order for Mention to be able to supply the Client with the Services, the Client grants Mention a non-exclusive, free, global and otherwise unlimited right to process, use, publish and copy the Client Content and to make it available, whether directly or indirectly, for the purpose of providing the Services to the Client.
7. The processing of personal data
7.1. The processing of personal data by Mention
The effects of the General Terms of Sale, of the Purchase Order (where applicable) and the use of Services by the Client entail some processing of personal data. The parties must assume various roles and responsibilities concerning the processing of this personal data. For the purpose of processing personal data in a prudent manner compliant with the applicable data protection legislation, including but not limited to the French data protection act (“Law number 78-17 of 6 January 1978 concerning the protection of personal data” as amended) and (EU) regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free circulation of this data (the general data protection regulation or “GDPR”), the parties agree that the attached Data Protection Conditions including the Data Processing Agreement, will be considered an integral and binding part of these General Terms of Sale. In the event of any contradiction with these General Terms of Sale, the Data Protection Conditions / Data Processing Agreement will take precedence.
7.2. The processing of personal data by the Client
In particular, if the Client processes personal data outside the scope of the Services (for example by contacting a person whose contact information has been supplied to the Client as part of the Services, by any means other than those provided as part of the Services), the parties are reminded that this processing is performed under the Client’s sole and exclusive liability, with the Client acting as the data controller. The Client must therefore ensure that the processing of any data complies with the applicable regulations (including in particular the legal basis for the processing and the provision of compulsory information to the data subject) and moreover guarantees Mention against any complaints or claims based on this new processing of the personal data by the Client.
8. Access and security
At its sole discretion, Mention agrees to adopt reasonable measures to ensure that the Services are available on the Internet 24 hours a day, 7 days a week. Mention is entitled to take measures affecting the above-mentioned access when Mention considers this necessary for technical, maintenance, operational or security reasons. The Client acknowledges and accepts that maintenance, updates, bugs and other causes or circumstances, whether planned or unplanned, may result in interruptions to or breakdowns affecting the Services. The Client may visit status.Mention.com to obtain information concerning the current operational status of the services. The Client understands and acknowledges that its access to the Internet cannot be guaranteed and that Mention may under no circumstances be considered liable for any issues with the Client’s Internet-related connections or equipment. Mention must adopt reasonable measures to ensure that the security of the Services complies with the standards applicable in the sector. Mention’s security measures are described in the Security Policy and apply at all times. This Security Policy may be viewed here.
Due to the complexity of the Internet, the unequal performance of different sub-networks, peak use by users of the Solution at certain times and various bottlenecks over which Mention has no control, Mention’s liability will be limited to the operation of its servers, the external limits of which are constituted by their connection points. Mention may not be considered liable for (i) access speeds when accessing its servers, (ii) external slowdowns affecting its servers (iii) poor transmission due to the failure of or problems with these networks. Mention may not be considered liable in the event of intrusions with malicious intent in the storage area reserved for the Client unless it has been demonstrated that the security measures it has introduced were seriously insufficient. Furthermore, Mention may not be considered liable for any lack of vigilance on the part of the Client’s users in maintaining the confidential nature of their usernames and passwords
9. Assistance services
Mention will provide the Client with assistance services if it has any questions concerning the use of the Services. The contact details and opening times of the assistance service can be found on the Mention Website.
10. Contractual term and termination
The Services are provided in the form of a subscription (hereafter referred to as the “Subscription”).
The Subscription begins on the date on which the Client supplies its bank details, for a period of 1 (one) month or 1 (one) year according to the subscription period selected by the Client, from date to date, (hereafter referred to as the “Subscription Period”). If the Subscription is made in the form of a Purchase Order, the Subscription is taken out for the period mentioned in the said Purchase Order.
If the Client enters its bank details before the expiry of the free trial period, the Subscription will begin on the date these details are supplied. The Subscription is then automatically renewed for successive periods of a duration identical to the Subscription Period, from date to date, unless cancelled by Mention or by the Client at least 1 (one) week in the case of a monthly Subscription or 90 (ninety) days in the case of an annual Subscription before the expiry of the period concerned. The Subscription must be cancelled:
- By the Client: by clicking the button provided for this purpose in its Customer Account or by email,
- By MENTION: by email.
The cancellation of the Subscription will take effect at the end of the last day of the Subscription.
Once the paid Subscription Period or the free trial period have ended, the Services will be automatically downgraded to those of the “free” Subscription offer. In the case of a free Subscription Period, the Subscription may be terminated by either party subject to the issuing of written notice, or, where applicable, by means of a dedicated button provided for this purpose.
Mention may always terminate the Subscription with immediate effect earlier than above-mentioned dates if the Client:
- fails to abide by any of the provisions of these General Terms of Sale, or more generally if the client contravenes any laws or regulations and if it takes no steps to rectify such failings within 30 (thirty) days following the receipt of a written request to this effect from Mention, or
- goes bankrupt, enters into a settlement agreement, suspends its payments, is the subject of corporate restructuring measures or risks finding itself in a situation of insolvency in any other circumstances.
11. Guarantee limitations and claims
Mention guarantees the Client that the Services will operate in a substantial and material manner in compliance with what is presented on the Mention Website, under normal conditions and circumstances of use, for the intended purposes and for the sole use of the Mention Content as part of the Services. This guarantee does not apply to the trial period for Subscriptions or to the free Subscription. With the exception of the above-mentioned guarantees and in as far as allowed by law, Mention rejects any other guarantee or warranty concerning the Services, whether express or implicit, including but not limited to their adaptation to a particular use, the accuracy or reliability of the results obtained from using the Services, that the Services meet specific requirements, that the Services will not be interrupted, or that they are fully protected or free of computer errors.
12. Liability limitations, etc.
With the exception of any legal liability which Mention is legally prevented from declining (such as compulsory product-related liability, liability for bodily injury or death, etc.), Mention may not be considered liable for any loss of income, profits or savings, contracts, production, clients, data or other information, and for complaints or claims from third parties, indirect losses and any other consequential losses. Furthermore, Mention’s overall liability within one calendar year may not exceed the amount which the Client has paid Mention during the said calendar year.
Mention is not responsible or liable for ensuring the permanent and uninterrupted availability of the Services or for any other losses or circumstances arising following one of the situations mentioned in Section 8, including a lack of access and security, interruptions, risks and faults.
It should be remembered that Mention is a simple supplier of data aggregation technology. Mention performs no verification of the data issued to the Client via its technology. Consequently, regarding the Mention Content, the third-party services or material, Mention does not guarantee that any Mention Content or any material or service supplied by third parties is totally correct, reliable, complete or accessible, and Mention is not liable for any losses or damage arising from problems with this Mention Content, material or service. The parties are reminded that the Client is only authorised to use the Mention Content for consultation purposes as part of the Services and that any other use of the Mention Content is at the Client’s risk, with no guarantees from Mention.
The Client will defend and compensate Mention for any complaints, claims or proceedings initiated against Mention by a third party arising from the use (or related to the use) of the Services by the Client, including complaints and claims related to the Client Content published by the Client as part of the Services.
13. Prices and payment
In return for the provision of the Solution and the Services, the Client will pay the price stated on the Website according to the offer selected at the time it subscribed to the Services or stated in the Purchase Order. Mention reserves the right to increase its price by a maximum of 5 (five) percent for each renewal period. The Client will be informed of these modifications by Mention by any appropriate written means (including by email) at least 120 (one hundred and twenty) days before the new prices take effect. Once they have taken effect, the new prices will apply when the Subscription renews. Unless stated otherwise in the Purchase Order, payment will be made at the start of each Subscription Period following the issuing of an invoice by Mention, or, where applicable, by credit card. The payment should reach Mention in full within the payment times stated on the invoice or in the Purchase Order where applicable. In the case of late or non-payment by the Client, Mention may invoice it for late payment interest at an interest rate of 8 (eight) percent per annum, in addition to reminder fees and compensation for any recovery costs in addition to those for any other means of redress at Mention’s disposal.
The Client agrees to settle invoices in the currency stated on the invoice, with payment being made to the account stipulated on the invoice.
Without prejudice to its other rights, Mention may temporarily deactivate the Client’s access to the Services in the case of overdue payment exceeding 20 (twenty) days. Additionally, Mention may terminate the Subscription and delete and destroy the Client Content in the case of overdue payment exceeding 40 (forty) days.
In the case of the early termination of this agreement due to non-observance by the Client, the Client is entitled to no reimbursement of any sums paid in advance.
14. Force majeure
Neither of parties may be considered liable for any failings or delays in the performance of their commitments under the terms of these General Terms of Sale if these failings or delays result from a case of force majeure as defined in article 1218 of the French Civil Code. The Parties hereby agree that the term ‘force majeure’ refers to all events normally recognised as such by law and by the French courts, including but not limited to interruptions to or problems with the Internet or networks, telecommunications, power supplies or any other infrastructure, general labour disputes, wars, fires, lightning, epidemics/pandemics, terrorist attacks, DDoS attacks or similar attacks aimed at interrupting the normal movement of data, changes in regulations by the authorities or errors and delays with the services provided by subcontractors due to these circumstances.
15. Intellectual property rights
All intellectual property rights concerning Mention, the Mention Solution, the Mention Services, the Website and all other related services, such as patents, design patents, design rights, copyrights, neighbouring rights, moral rights, business secrets and know-how, rights concerning databases, trademarks, company names, rights relating to business legislation and any other intellectual property right, in all cases, whether registered or registrable, and all applications for registration of any of the above-mentioned rights in addition to the right to apply for registration and all rights and forms of protection of the same nature or having similar effects worldwide are and will remain the property of Mention or its licence providers. Under no circumstances does the use of Services represent a transfer or assignment of these intellectual property rights to the Client.
The Client expressly acknowledges and accepts that any use of the Mention Content outside of the Services may result in an infringement of intellectual property rights, for which the Client will be considered solely liable. Any Client Content published by the Client via the Services remains the exclusive property of the Client or its respective legal owner. All rights concerning the Mention Content produced by Mention in the Client’s name as part of the professional services supplied will also be considered the property of the Client.
16. Privacy & confidentiality
Both parties agree to treat information which may be considered as the other party’s professional or business secrets (whether in verbal, written or electronic form or in any other form) as private and confidential, unless the party supplying the said information expressly gives its written consent to the contrary. This means that neither party may divulge this information to a third party or use this information for purposes other than the performance or implementation of this agreement. Both parties must also ensure that this commitment is observed and respected by all employees, staff, agents or other persons to whom such information is revealed. This privacy and confidentiality obligation will continue to apply for 2 (two) years after the termination of this agreement. However, the privacy and confidentiality obligations will not apply to information which is widely known or for which a party can demonstrate that it became aware of the information via any means other than these General Terms of Sale. The privacy and confidentiality obligations will also not apply when a party is required to supply the information in compliance with a law, a regulation or a decision by the authorities.
The Client may contact Mention by post at Mention Solutions SAS, 16, Passage Jouffroy, 75009 Paris, France or by e-mail at support@Mention.com.
When Mention needs to contact the Client, Mention will use the postal address or e-mail address which the client supplied at the time it subscribed to the Services or contained in the Purchase Order. The Client is responsible for ensuring that this contact information is kept up to date.
Mention may also send marketing communications to the Client concerning Mention’s products, services and events.
18. Modifications to the General Terms of Sale
Mention may modify the General Terms of Sale. If such changes significantly modify the Client’s rights and obligations, the Client will be informed of these changes by email or via information provided within the Services or on the Mention Website. All changes will take effect 1 (one) month after Mention has informed the Client of them, as stated above.
19. Business references
Unless expressly stated in the Purchase Order or notified to Mention by any appropriate written method, the Client authorises Mention to use its name, brand, logo and website details as business references on any media and in any form.
20. The transfer of services
These General Terms of Sale are valid between the parties and cannot be transferred or disposed of without written authorisation. However, Mention may wholly or partially transfer the provision of the Services to another company belonging to the same group as Mention. All rights and obligations existing between the Client and Mention will then apply between the Client and the company assuming the provision of the Services.
21. Applicable law and dispute resolution
Unless other provisions apply concerning the mandatory applicable law, these General Terms of Sale and the relationship between the Client, you and Mention will be interpreted and applied pursuant to French law. Unless otherwise stipulated by the over-riding applicable law, any disputes arising as a result of these General Terms of Sale or the relationship between the parties will be settled by the French general courts and the Tribunal de Commerce de Paris (Paris Commercial Court) in first instance.