Terms of Service

Definitions and Interpretation

Active Customer

Additional Functionality

Affiliate

Agreement

Annual Fee

Authorised Users

Client Content

Client Marks

Client Website

Confidential Information

Configuration

Contract Year

Creative Insight Services

Creative Insight Sites

Data Processing Agreement or DPA

Effective Date

End User(s)

Fees

Good Industry Practise

Group

Influencer Content

Influencer Programme

Influencer Services

Integration Instructions

Intellectual Property Rights

IP Claim

Launch Date

Mention Me

Mention Me Content

Mention Me Marks

Mention Me Website

Minimum Period

Monthly Term

Offer Terms and Conditions

Order Form

Platform

Product Terms

Promoter Programme

Promoter Services

Protected Data

Referral

Referred End User

Renewal Date

Representative

Revenue(s)

Reward

Services

Set Up Services

Software

Term

Third Party Voucher

Working Day

These Terms of Service set out the terms and conditions upon which you (the Client) and your Affiliates may use the Mention Me Services, by using the Services, you agree to accept these Terms of Service. These Terms of Service serve as the master agreement governing your relationship with Mention Me. Any Product Terms and the Data Processing Agreement are supplemental agreements that, together with these Terms of Service, constitute the entire agreement between you and Mention Me regarding your use of specific products or Services.

IF YOU DO NOT ACCEPT THESE TERMS OF SERVICE DO NOT USE THE MENTION ME SERVICES.

The Services
1. Mention Me shall provide the Services detailed in the Order Form with commercially reasonable skill and care on and subject to the terms of this Agreement.
2. The Client may allow its Affiliates to access the Platform and use the Services provided that:
  1. where the context requires, references to the "Client" in this Agreement shall be construed as referring to the Client's Group;
  2. the Client ensures that its Affiliates comply with the terms and conditions of this Agreement
  3. the Client remains responsible for Affiliate's acts and omissions
  4. any Active Customers of the Client's Affiliates will count towards the Client's total number of Active Customers; and
  5. any claims will be brought against Mention Me by the Client on behalf of its Group.
3. Mention Me shall not be liable for any failure to provide the Services to the extent such failure is caused by a failure of the Client to comply with the Client Responsibilities in clause 2.
4. Either party may suspend visibility of any part of the Service where the suspension is necessary to enable Mention Me or the Client to address any issues that might impair the performance or function of a Service or the Client Website and/or which either party reasonably considers may be damaging to the Client, Mention Me or any End User. Both parties agree to use all reasonable efforts to notify the other party before suspending visibility of a Service. In the event that prior notification is not possible, notification will be provided as soon as it is reasonably practicable to do so.
5. Mention Me may temporarily suspend the Platform for repair or maintenance or upgrade work with or without notice.
6. The Platform and Software are provided 'as is'. Mention Me shall use commercially reasonable efforts to resolve any issues promptly.
7. Mention Me is not liable for Service failures caused by Client non-compliance with its responsibilities.
8. Mention Me will use reasonable efforts to implement Client-requested changes but does not guarantee support and may charge additional fees (such fees to be mutually agreed prior to any work bein undertaken) for material changes.
9. Certain products and services offered through the Platform may be subject to additional product-specific terms and conditions ("Product Terms"). Where Product Terms apply, they supplement and form part of this Agreement. You will be presented with the applicable Product Terms before accessing or using such products, and your use of the product constitutes acceptance of those Product Terms.
Client Responsibilities
1. The Client acknowledges that many elements of the Platform are configurable and customisable by the Client or by Mention Me at the Client's request.. The Client shall approve and accept responsibility for the Platform Configuration on the Launch Date and approve any subsequent material changes to that Configuration. Subject to clause 10, Mention Me shall not make changes to the agreed Configuration without express Client approval.
2. Client employees, agents, partners for independent contractors may be granted log-in access to the platform for administrative and customer service purposes (Authorised Users). The Client shall be solely responsible for:
  1. which personnel are granted access, the level of access and/or nominating individual administrators who are responsible within their organisation for doing this;
  2. revoking the access of any of its Authorised Users;
  3. ensuring Authorised Users maintain the safety and security of their log-in details;
  4. informing Mention Me immediately of any loss, theft or misuse of Authorised User log in details;
  5. ensuring Authorised User accounts cannot be shared or used by more than one individual and (if relevant) ensuring the number of Authorised Users and their level of accesss not exceeded; and
  6. informing Mention Me promptly of any breach of the above sub-clauses.
3. Mention Me shall not be responsible for and shall be held harmless by the Client in respect of any claims or losses which result from:
  1. unauthorised access to the Platform made using the log-in details of an Authorised User of the Client following the loss or theft of those details; and
  2. any misuse of the Platform made by an Authorised User of the Client.
4. Client agrees that it shall only use the Platform for its own business purposes as contemplated by this Agreement and in accordance with all applicable laws.
5. Client agrees to not (and shall ensure that End Users and Authorised Users do not) submit any sensitive personal data, including health information, biometric data or government identification numbers though the website, the Platform, the Services or support tools.
6. Client agrees to not (and shall ensure that End Users and Authorised Users do not) use the Services to upload, transmit or distribute any unlawful, abusive, infringing or harmful content.
7. Client is not permitted to:
  1. Scrape content or store content of the Platform on a server or other storage device connected to a network or create an electronic database by systematically downloading and storing all of the content of the Platform; or
  2. Attempt to circumvent security or interfere with the proper working of the Platform or the servers on which it is hosted.
Fees and Payment
1. Except where a free trial is being offered in accordance with clause 8, the Fees shall consist of an annual fee (Annual Fee) or Monthly Fee and any such other fees as set out in the Order Form.
  For Annual Contracts only
2. The Fees shall consist of an annual fee (Annual Fee) and any such other fees as set out in the Order Form.
3. Charging of the Annual Fee will commence on the Effective Date. The Annual Fee shall be invoiced on the Effective Date and thereafter on each Renewal Date (or within 30 days of the start of the period to which it relates).
4. Payment may be made by credit or debit card or may be invoiced by us in accordance with this section. Mention Me accepts payment by most major credit and debit cards. Online payment transactions are subject to validation checks by your card issuer and Mention Me is not responsible if Client's card issuer declines to authorise payment for any reason. Mention Me is not responsible for any associated costs, including online handling fees or processing fees with making payment via credit or debit card.
5. The Fee on each Renewal Date shall be determined in line with the Order Form. If the fee due on renewal is not set out on the Order Form then Mention Me reserves the right to increase the Fees at each Renewal Date by no more than 10% of the previous Contract Year value.
6. All invoices must be paid within 30 days of the invoice date unless otherwise stated in the Order Form. Mention Me may, in its sole discretion, suspend provision of the Services if any undisputed sums owed by the Client are overdue for more than 14 days after being provided with a suspension notice by or on behalf of Mention Me.
7. If the Client requires a purchase order number on its invoice, the Client hereby agrees to promptly provide Mention Me with the purchase order or purchase order number upon request. If the Client fails to provide Mention Me with a purchase order or purchase order number, Mention Me will invoice the Client without a purchase order number and the Client hereby agrees to pay such invoice. The parties agree that none of the terms and conditions in any purchase order issued by the Client will apply to or modify this Agreement.
  
  For Monthly Term Contracts only
8. For Monthly Term contracts, the Monthly Fee (Monthly Fee) and any such other fees will be set out in the Order Form.
9. Payments must be made monthly by direct debit on immediate payment terms.
10. Payment may be made by credit or debit card in accordance with this section. Mention Me accepts payment by most major credit and debit cards. Online payment transactions are subject to validation checks by your card issuer and Mention Me is not responsible if Client's card issuer declines to authorise payment for any reason. Mention Me is not responsible for any associated costs, including online handling fees or processing fees with making payment via credit or debit card.
11. Mention Me may suspend provision of the Services if any Monthly Fee remains unpaid for more than seven (7) days after the due date, provided Mention Me has given the Client not less than three (3) Working Days' prior written notice of such suspension.
12. Mention Me reserves the right to increase the monthly fee payable under this Agreement up to ten percent (10%) at the end of each twelve (12) month period.
  
  For all Contract Types
13. If requested by Mention Me, the Client shall promptly provide to Mention Me information on its: number of Active Customers; Revenue; average order values; and such other information to enable Mention Me to calculate its Fees for the next Contract Year or validate that its Fees are accurate for that current Contract Year. The Client shall ensure such information is accurate, complete and not misleading.
14. All fees are quoted and payable in the currency set out on the Order Form.
15. The Fees do not include any direct or indirect taxes, levies, duties or similar governmental assessments of any nature, including value-added, sales, use or withholding taxes which shall (if applicable) be added to Mention Me’s invoice as required.
16. Mention Me shall have the right to charge interest on overdue invoices or overdue amounts at the rate of 3% per annum above the base rate of Barclays Bank Plc, calculated from the date when payment of the invoice becomes due for payment up to and including the date of actual payment whether before or after judgment.
17. Invoices and any payments shall be paid without set off or deduction or counterclaim save for amounts disputed by the Client, acting reasonably and in good faith.
Intellectual Property
1. Client acknowledges that Mention Me and/or its licensors own all Intellectual Property Rights and any other rights in or arising out of or in connection with the Platform, the Software and the Services, including any modifications, amendments, developments or updates made to the Platform, Software and/or Services after the date of this Agreement. Except as expressly stated in this Agreement, this Agreement does not grant the Client any Intellectual Property Rights or any other rights or licences in respect of the Platform, the Software or the Services.
2. The Client agrees that all features and functionality in or which form part of the Platform are proprietary to Mention Me and/or its licensors and contains valuable confidential information and the Client warrants that it will not nor will it enable others to, copy, port, decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the software or any services provided by Mention Me, or any part thereof.
3. Subject to the terms and conditions of this Agreement, Mention Me hereby grants the Client, solely during the Term, a limited, non-exclusive, non-sublicensable, royalty free, fully revocable licence to use the Platform and any Intellectual Property Rights owned by Mention Me that are contained within the Platform solely in connection with the Client's (and its employees' and End Users') use of the Services as contemplated by this Agreement. Any rights not expressly granted to the Client under this clause in connection with the Platform or Mention Me's Intellectual Property Rights are reserved by Mention Me and its licensors.
4. Subject to clause 4.5, Mention Me shall:
  1. defend and indemnify the Client from and against any claim brought against the Client by any third party alleging that the Client's use of the Services in accordance with this Agreement infringes any copyright, database right or registered trade mark, registered design right or registered patent in the United Kingdom (each an IP Claim); and
  2. pay, subject to clause 4.5, all reasonable costs and damages awarded or agreed in settlement or final judgment of an IP Claim.
5. The provisions of clause 4.4 shall not apply unless the Client:
  1. promptly (and in any event within 5 Working Days) notifies Mention Me upon becoming aware of any actual or threatened IP Claim and provides full written particulars;
  2. makes no comment or admission and takes no action that may adversely affect Mention Me's ability to defend or settle the IP Claim;
  3. provides all assistance reasonably required by Mention Me subject to Mention Me paying the Client's reasonable costs; and
  4. gives Mention Me sole authority to defend or settle the IP Claim as Mention Me considers appropriate.
6. The provisions of clause 6 shall apply to any payment of costs and damages awarded or agreed in settlement or final judgment of an IP Claim under clause 4.4.
7. In the event of any IP Claim Mention Me may elect to:
  1. procure for the Client the right to continue using the relevant Service (or any part thereof);
  2. modify or replace the infringing part of the Services (or any part thereof) to avoid the infringement or alleged infringement; or
  3. terminate the Agreement immediately by written notice and promptly refund to the Client on a pro- rata basis for any unused proportion of Fees paid in advance.
  This clause 4.7 is without prejudice to the Client's rights and remedies under clause 4.4.
8. Mention Me shall have no liability or obligation under this clause 4 in respect of (and shall not be obliged to defend) any IP Claim which arises in whole or in part from:
  1. any modification of the Services (or any part) without Mention Me's express written approval;
  2. any Client Content;
  3. any breach of the Agreement by the Client;
  4. Client's use of any external sites or applications in relation to any of the Services; and
  5. any user generated content.
9. Subject to clause 6, the provisions of this clause 4 set out the Customer's sole and exclusive remedy (howsoever arising, including in contract, tort, negligence or otherwise) for any IP Claim.
10. Save as expressly permitted in accordance with this Agreement, the Client shall not, and shall not authorise any third party to, modify, merge, sell, network, rent, lease, assign, or create derivative works based upon, the Platform or the Software in whole or in part, transfer or redistribute in any manner the Platform or the Software, or reverse engineer, decompile or otherwise derive the source code form of any components provided by Mention Me in object code form.
11. Mention Me acknowledges that the Client and/or its licensors own all Intellectual Property Rights in the Client Content and Client Marks. The Client hereby grants to Mention Me, solely during the Term, a limited, non- exclusive, non-sublicensable, royalty free, fully revocable licence to use, reproduce and display the Client Content (including any related registered and unregistered trademarks (Client Marks)) solely for the purposes of providing the Services as contemplated by this Agreement. Such licence shall be subject to any further written guidance with regard to the use of the Client Marks or Client Content that the Client provides to Mention Me. Any rights not expressly granted to Mention Me under this Agreement in connection with the Client Marks are reserved by the Client and its licensors.
12. Mention Me hereby grants to the Client, solely during the Term, a limited, non-exclusive, non-sublicensable, royalty free, fully revocable licence to use, reproduce and display Mention Me's registered and unregistered trademarks and associated logos (Mention Me Marks) solely in connection with Client's Service(s). Such license shall be subject to any further written guidance with regard to the use of the Mention Me Marks that Mention Me Client provides to the Client. Any rights not expressly granted to the Client under this Agreement in connection with the Mention Me Marks are reserved by the Mention Me and its licensors.
Data Protection
1. To the extent Mention Me processes Protected Data (as defined in the Data Processing Agreement), as a Data Processor, Mention Me shall process this data in accordance with the Data Processing Agreement.
2. To the extent Mention Me processes Protected Data (as defined in the Data Processing Agreement), as a Data Controller, Mention Me shall process this data in accordance with the Data Protection Policy which can be found here.
Liability
1. Clause 6 sets out the entire financial liability of each party to the other party:
  1. arising under or in connection with this Agreement;
  2. in respect of any use made by the Client of the Services, the Software, the Platform or any part of them; and
  3. in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this Agreement.
2. Except as expressly and specifically provided in this Agreement all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement.
3. Nothing in this Agreement excludes the liability of a party for (i) death or personal injury; (ii) fraud or fraudulent misrepresentation; or (iii) any other liability that may not be lawfully excluded.
4. Subject to clause 6.3 and without prejudice to any specified liability provisions contained in the Data Processing Agreement:
  1. neither party shall be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
  2. each party's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement (with the exception of sums payable in accordance with clause 3 and the recovery of the same) shall be limited to the total Fees paid for the Services during the 6 months immediately preceding the date on which the claim arose.
Confidentiality
1. The Receiving Party shall hold all Confidential Information in confidence and, except as required by law or permitted herein, shall not disclose it to third parties or use it other than for performing obligations or exercising rights under this Agreement, unless requested or agreed by the disclosing party.
2. Without prejudice to clause 7.1, the Receiving Party may disclose Confidential Information to its Affiliates, employees, agents and advisors (Representatives) who need to know such Confidential Information solely for implementing this Agreement, provided the Receiving Party remains responsible for its Representatives' compliance Each party shall ensure that its Representatives are bound by confidentiality agreements on terms no less onerous than this clause 7.
3. Where the Client is the Disclosing Party, Mention Me may disclose Confidential Information to:
  1. third party partners and agencies (Partners) with the Client's prior written consent. Mention Me's obligations with respect to Confidential Information shared with its Partners ends when when the Client enters into its own agreement with the Partner; and
  2. potential investors, disclosing only such Confidential Information as is reasonably necessary in connection with a merger, acquisition or equity investment by a third party,
  Provided Mention Me ensures such Partners or investors are bound by confidentiality agreements on terms no less onerous than this clause 7 and remains responsible to the Client for their compliance.
4. The Disclosing Party represents and warrants that it has the authority to disclose the Confidential Information to the Receiving Party (or its Representatives).
5. Confidential Information remains the Disclosing Party's exclusive property. The Receiving Party acquires no rights, title, interest or licence in Confidential Information or to any embodied Intellectual Property Rights. The Receiving Party acknowledges breach may cause irreparable harm for which damages are inadequate. The Disclosing Party may seek injunctive relief or specific performance for any threatened or actual breach by the Receiving Party, its Representatives or others receiving Confidential Information under this Agreement.
Free Trials
1. Mention Me may, at its sole discretion, offer a free trial of the Services. The duration of the trial and the specific features included shall be detailed in the applicable Order Form. On the expiry of the free trial, the Agreement may convert into a paid for service governed by the terms of this Agreement, and any Order Form. Mention Me reserves the right to modify, suspend, or terminate free trial offers at any time, without prior notice.
Term and Termination
For Annual Contracts only
1. Except where a free trial is being offered in accordance with clause 8, this Agreement commences on the Effective Date and continues for the Minimum Period. Unless terminated under this clause 9, the Agreement automatically renews for 12 months upon the expiry of the Minimum Period(first Renewal Date) and thereafter for twelve months on each anniversary of the first Renewal Date (each of the first Renewal Date and each such anniversary being a Renewal Date). The Minimum Period and each renewal period shall constitute the Term.
2. Either party may terminate the Agreement and/or any part of the Services on a Renewal Date by giving at least 30 days prior notice. Without such notice, the Agreement automatically renews.
  
  For Monthly Term Contracts only
3. Unless terminated under this clause 9, the Agreement shall automatically renew for successive Monthly Terms upon the expiry of the Minimum Period. Unless terminated in accordance with this clause 9, the Agreement shall automatically renew for successive Monthly Terms.
4. Either party may terminate this Agreement at the end of any Monthly Term by giving not less than 30 days prior notice to the other party. Without such notice, the Agreement automatically renews for the next Monthly Term.
  
  For all contracts
5. This Agreement commences on the Effective Date and continues for the Minimum Period.
6. Either party may terminate this Agreement without liability to the other if:
  1. the other party commits a material breach of any of the terms of this Agreement and (if remediable) fails to remedy that breach within 30 days of written notice; or
  2. an order is made or a resolution is passed for the winding up of the other party, or circumstances arise which entitle a court to make a winding-up order in relation to the other party; or
  3. an order is made for the appointment of an administrator to manage the affairs, business and property of the other party, or documents are filed with a court of competent jurisdiction for the appointment of an administrator of the other party, or notice of intention to appoint an administrator is given by the other party or its directors or by a qualifying floating charge holder (as defined in paragraph 14 of Schedule B1 to the Insolvency Act 1986); or
  4. a receiver is appointed over any of the other party’s assets or undertaking, or if circumstances arise which entitle a court of competent jurisdiction or a creditor to appoint a receiver or manager of the other party, or if any other person takes possession of or sells the other party’s assets; or
  5. the other party makes an arrangement or composition with its creditors, or makes an application to a court of competent jurisdiction for the protection of its creditors in any way; or
  6. the other party ceases, or threatens to cease, to trade; or
  7. the other party takes or suffers any similar or analogous action in any jurisdiction in consequence of debt or insolvency.
  References to “the other party” regarding the Client, includes the Client’s Group to the extent Group members access Services under this Agreement.
7. Mention Me may terminate immediately, without notice, if itbelieves in its sole discretion, that the Platform is being used inappropriately, illegally, harmfully, dangerously, in violation of third party right or otherwise in breach of this Agreement Either party may terminate immediately without notice if either party has become or believes, in its sole discretion but acting reasonably, that it is likely to become subject to a third party claim.
8. On termination or any reason:
  1. all licences granted under this Agreement immediately terminate;
  2. accured rights and surviving provisions remain unaffected ;
  3. Mention Me shall: (i) suspend the processing of the Protected Data as soon as possible; (ii) make Protected Data available to the Client in a reasonably requested mannor and format for up to 30 days post-termination and (iii) upon Client request, permanently remove all Protected Data and/ or Confidential Information from its systems where technically possible and legally permissible, and promptly confirm compliance in writingexcept as set out otherwise in this Agreement, the Client is not be entitled to any refund of Fees paid for the period during which the Services cease to be provided; and
  4. Client shall: (i) promptly cease sharing any Personal Data with Mention Me; (ii) remove any Mention Me javascript tags from the Client Website(s) any any other system integrations with the Platform
  5. Mention Me shall delete Client Protected Data in line with the Data Protection Agreement. If a non-renewing Client requests in writing that Protected Data be retained for a limited period, Mention Me may agree at its discretion and invoice monthly at 12.5% of the Annual Fee. Invoices are sent monthly in advance and payable per clause 3.
General
1. Mention Me reserves the right to modify, amend, or update these Terms of Service at any time and at its sole discretion. Mention Me will provide notice of any material changes by:
  1. posting the updated Terms of Service on its website; and
  2. indicating the date of the last revision at the top of the Terms of Service.
  Your continued use of the services following the posting of any changes constitutes your acceptance of such changes. If you do not agree to any modification of these Terms of Service, you must immediately cease using the services.
2. No term of this Agreement will be enforceable by virtue of the Contract (Rights of Third Parties) Act 1999 by any person that is not a party to it.
3. Each of the parties warrants that it has full authority and power to enter into this Agreement and that it has obtained all necessary approvals to do so.
4. Except for payment obligations, if a party is prevented or delayed in performing its obligations due to circumstances beyond its reasonable control, including, acts of war, terrorism, hurricanes, earthquakes, acts of God or of nature, strikes or other labour disputes, riots, or embargoes, such failure or delay will not be deemed to constitute a breach of this Agreement. The obligations remains in effect and must be performed as soon as reasonably practicable after the circumstances end, provided that if performance is prevented or delayed for more than ninety (90) days, the other party may terminate this Agreement with thirty (30) days' written notice.
5. The Client agrees that Mention Me may change or update the Platform and/or Services without notice provided that such changes: (i) do not materially adversely affect the nature or quality of the Services; or (ii) are required to be made for legal or regulatory reasons. Any changes or updates are proprietary to Mention Me.
6. Each party acknowledges that this Agreement (including the Data Processing Agreement) contains the whole agreement between the parties and shall supersede and terminate all prior agreements, undertakings and arrangements (both written and oral) between the parties relating to the subject matter of this Agreement. Furthermore, each party acknowledges that it has not relied upon any oral or written representations made to it by the other or its employees or agents and has made its own independent investigations into all matters relevant to it.
7. If Mention Me requests and the Client agrees then the Client shall: (i) assist Mention Me to create a case study and participate in blogs, testimonials, social media and other marketing activities which refer to the Client; and (ii) participate in beta testing, a joint presentation at an industry event and a presentation at a Mention Me event.
8. Neither party will assign, subcontract, transfer or encumber any right or obligation under this Agreement, in whole or in part, without the other party's prior written consent (not to be unreasonably withheld or delayed) or except as expressly permitted in this Agreement. Mention Me may at any time:
  1. assign or transfer all or any of its rights or obligations under this Agreement to another member of its Group; and
  2. subcontract its obligations under this Agreement to a third party, provided that Mention Me will remain liable to the Client for performance of the relevant obligations.
9. Any notice to be served on either party by the other shall be sent by pre-paid recorded delivery, registered post or email to the address of the relevant party shown on the Order Form or such other physical or electronic address as may be notified by one party to the other from time to time.
10. If any provision of this Agreement is, or is found to be, illegal, invalid or unenforceable, the remaining provisions shall continue in full force and effect and shall not be affected by such illegality, invalidity or unenforceability.
11. Failure by a party to enforce at any time or for any period any one or more of the terms or conditions of this Agreement shall not be a waiver by that party of the right at any time subsequently to enforce all terms and conditions of this Agreement.
12. This Agreement shall be governed by and construed in accordance with English law.
13. The parties hereby submit to the exclusive jurisdiction of the courts of England in respect of any dispute arising out of or in connection with this Agreement.

Definitions

Applicable Law means as applicable and binding on the Client, Mention Me and/or the Services:

1. any law, statute, regulation, byelaw or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of;
2. the common law and laws of equity as applicable to the parties from time to time;
3.any binding court order, judgment or decree; or
4. any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business;

Appropriate Safeguards means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time;

Business, Business Purpose, Consumer and Service Provider shall have the same meaning as in the CCPA;

CCPA means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq;

Client Agreement means the Terms of Service and Order Form entered into between Mention Me and the Client on or about the date of this agreement pursuant to which Mention Me has agreed to provide Services to the Client;

Data Controller has the meaning given to that term (or to the term ‘controller’) in Data Protection Laws. For the purpose of clarity, the term Data Controller shall also mean “Business”;

Data Processor has the meaning given to that term (or to the term ‘processor’) in Data Protection Laws. For the purpose of clarity, the term Data Processor shall also mean “Service Provider”;

Data Protection Laws means as applicable and binding on the Client, Mention Me and/or the Services:

1. the UK GDPR, as defined under Section 3(10), amended by Section 205(4), of the Data Protection Act 2018;
2. the Data Protection Act 2018;
3. the GDPR; the Privacy and Electronic Communications Regulations;
4. any Applicable Laws replacing, amending, extending, re-enacting or consolidating any of the above Data Protection Laws from time to time; and
5. the CCPA if it is binding on the Client, Mention Me and/or the Services.

Data Protection Losses means all liabilities, including all:

1. costs (including legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages (including relating to material or non- material damage); and

2. to the extent permitted by Applicable Law: (i) administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority; (ii) compensation which is ordered by a Supervisory Authority to be paid to a Data Subject; and (iii) the reasonable costs of compliance with investigations by a Supervisory Authority;

Data Subject has the meaning given to that term in Data Protection Laws;

Data Subject Request means a request made by a Data Subject to exercise any rights of Data Subjects or consumers under Data Protection Laws;

GDPR means the General Data Protection Regulation (EU) 2016/679;

International Organisation means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

International Recipient means: (a) any country, territory or location outside the United Kingdom and European Economic Area; and/or (b) any International Organisation;

Personal Data has the meaning given to that term in Data Protection Laws;

Personal Data Breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

Processing has the meaning given to that term in Data Protection Laws (and related terms such as Process have corresponding meanings);

Processing Instructions has the meaning given to that term in clause 2.1.1;

Protected Data means Personal Data received from the Client in connection with the performance of Mention Me’s obligations under the Client Agreement;

Services means the Services to be provided by Mention Me to the Client pursuant to the Client Agreement;

Sub- Processor means another Data Processor engaged by Mention Me for carrying out Processing activities in respect of the Protected Data on behalf of the Client; and

Supervisory Authority means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws.

Data processing details

a. For Promoter Services:

Data Subject/ Data Collected

Historic customer

Email addresses

Historic customer order details

Email addresses

Historic customer order details

Order / Transaction ID

Historic customer order details

Currency

Historic customer order details

Total amount

Historic customer order details

Order date

Customer in your order or sign-up confirmation page

Email address

Customer in your order or sign-up confirmation page

Full name

Customer in your order or sign-up confirmation page

Order details

Customer in your order or sign-up confirmation page

IP Address/Cookie

Customer in your order or sign-up confirmation page

Coupon Code (if used)

Referrer

Email address
Full Name
IP address/ Cookie

Referee

Email address
IP Address/ Cookie
Full name (depending on client setup)

• Phone number (depending on client set up)

Full name, order details, IP address, customer IDs and email address and such other information shared by a Client, End User or Authorised User.

Full name, order details, IP address, customer IDs and email address and such other information shared by a Client itself or through a third party on behalf of the Client

How and When

Email addresses of existing customers are sent by you via secure transfer during set up. Mention Me keeps these emails in hashed format.

Data transferred by the Client during set-up or otherwise provided by the Client during the Term. Mention Me keeps emails in hashed format as well as raw format if the customers are enrolled into the PromoterProgramme. In addition, there may be instances where Mention Me has processed the Client’s data under a separate and/or prior agreement and in such an instance Mention Me shall continue processing such data for the purposes set out in this Agreement and the Client agrees

and confirms that they have all necessary permissions to allow Mention Me to continue processing data.

As above.

Data is collected via javascript tags placed on your order confirmation page.

As above.

Entered by the Referrer on the registration page

A Referee enters their details after following a sharing link and the data is collected via a javascript tag placed in the checkout process

If Client, End User or Authorised User requires support services. This data will be processed by Mention Me’s subprocessor, Crescendo AI.

If requested by the Client, data shall be:

shared with such of the Client’s processor(s) and/or third party(ies) (each as specified by the Client); and/or
received by the Client’s processor(s) and/or third party(ies) (each as specified by the Client).

In order to share and receive data Mention Me may use its sub-processor (Tray.io)

Processing and Purpose

To enable accurate tracking and reporting on repeat customers activity and will drive quicker value to clients by allowing proper segmentation of customers from go live.

Historic customer’s email addresses are used as an unique identifier for referral.

Referees are checked against this existing customer list to ensure they are genuine new customers.

We use this information to:
1) check new customers against our list of potential Referees to confirm the referral purchase.
2) maintain the list of existing customers.
3) segment each End User into a customer segment.
4) protect against gaming and selfreferral.

We use this information to:
1) check new customers against

our list of potential Referees to confirm the referral purchase.
2) maintain the list of existing customers.
3) segment each End User into a customer segment.
4) protect against gaming and selfreferral.

To enable accurate tracking and reporting on repeat customers activity and will drive quicker value to clients by allowing proper segmentation of customers from go live.

Required to count orders accurately

To enable accurate tracking and reporting on repeat customers activity and will drive quicker value to clients by allowing proper segmentation of customers from go live.

Allow us to enable advanced data features earlier into the PromoterProgrammes the algorithms and machine learning models will have enough data to start segmenting and predicting. Mention Me will also use such data to:

1) segment each End User into a customer segment.
2) display messages and Rewards to End Users based on their customer segment.
3) reporting and invoicing, including keeping track of the Revenue for the purpose of calculating Fees.

To enable accurate tracking and reporting on repeat customers activity and will drive quicker value to clients by allowing proper segmentation of customers from go live.

Allow us to enable advanced data features earlier into the PromoterRefer-a-Friend Programme, as the algorithms and machine learning models will have enough data to start segmenting and predicting. Mention Me will also use such data to:
1) segment each End User into a customer segment.

2) display messages and Rewards to End Users based on their customer segment.
3) reporting and invoicing, including keeping track of the Revenue for the purpose of calculating Fees.

To enable accurate tracking and reporting on repeat customers activity and will drive quicker value to clients by allowing proper segmentation of customers from go live.

Allow us to enable advanced data features earlier into the Advocacy Programme, as the algorithms and machine learning models will have enough data to start segmenting and predicting. Mention Me will also use such data to:

1) segment each End User into a customer segment.
2) display messages and Rewards to End Users based on their customer segment.
3) reporting and invoicing, including keeping track of the Revenue for the purpose of calculating Fees.

Unique identifier for referral.

Mention Me will also use such data to:
1) check new customers against our list of potential Referees to confirm the referral purchase.
2) maintain the list of existing customers.
3) process End User responses and Rewards (if relevant).
4) enrolling End Users without requiring them to re-enter their details.
5) send programme-related service emails (including Rewards).
6) protect against gaming and selfreferral.

Required for communication and in order to enable the name sharing method of referral to encourage more referrals. Mention Me will also use such data to:

1) process End User responses and Rewards (if relevant).
2) enrolling End Users without requiring them to re-enter their details.
3) send programme-related

service emails (including Rewards).
4) protect against gaming and selfreferral.

Required to count orders accurately
required to calculate referral commission and in order

to show offers based on transaction value. Mention Me will also use such data to:

1) segment each End User into a customer segment.
2) display messages and Rewards to End Users based on their customer segment
3) process End User responses and Rewards (if relevant)
4) reporting and invoicing, including keeping track of the Revenue for the purpose of calculating Fees.

To protect against gaming and self referral.

Required to enhance matching of referral conversion and order tracking if a different email address is used at checkout than at registration

1) To enrol customers in the programme

2) To send programme-related service emails (including Rewards)

1) Referee data is checked against post-purchase tag feed to ensure a new purchase has been made

2) To send programme-related service emails (including Rewards)

3) We pass Referee data to you if they have consented to receive marking communications from you

To provide the Client, Authorised Users and End Users with an AI customer support platform and agent services.

Mention Me shall use data for the purposes outlined above.

b. For Influencer Services:

Data Subject/ Data Collected

Historic customer order details

Email
Order / Transaction ID
Currency
Total amount
Order date

Customer in your order or sign up confirmation page or other sign up webpage

Email address
Full name
Order details
IP Address/Cookie
Influencer Content
Information on the customers’ social media profile and such other information as requested to be collected by the Client

User (including customer) information which is contained in a third party database:

email address
full name
IP address/cookie ID
social media profile and such other public information available
Influencer Content
Last four digits of bank details, VAT numbers and alternative payment details (e.g. Paypal)

Full name, order details, IP address, customer IDs and email address and such other information shared by a Client, End User or Authorised User.

How and When

Data transferred by the Client during set-up or otherwise provided by the Client during the Term. In addition, there may be instances where Mention Me has processed the Client’s data under a separate and/or prior agreement and in such an instance Mention Me shall continue processing such data for the purposes set out in this Agreement and the Client agrees and confirms that they have all necessary permissions to allow Mention Me to continue processing data.

Data is collected:

via javascript tag placed on your order confirmation page;
via a third party; or
otherwise collected via a webpage which allows data to be sent to Mention Me.

Data is collected via a third party

If requested by the Client, data shall be:

shared with such of the Client’s processor(s) and/or third party(ies) (each as specified by the Client); and/or
received by the Client’s processor(s) and/or third party(ies) (each as specified by the Client).

In order to share and receive data Mention Me may use its sub-processor (Tray.io).

If Client, End User or Authorised User requires support services. This data will be processed by Mention Me’s subprocessor, Crescendo AI.

Processing and Purpose

To enable accurate tracking and reporting on repeat customers activity which will drive quicker value to clients by allowing proper segmentation of customers from go live. In addition, to these purposes Mention Me will also use such data to:

Check customers and individuals against a third party database to determine their social media profile.
To facilitate the Client’s approval process of prospective ambassadors and micro-influencers.
To enable the Client to make a decision on whether they want to reach out to a prospective micro-influencer for a social collaboration.
To identify micro-influencer lookalikes to recommend to the Client.
To reward the End User based on posted content.
To monitor the social media presence related to the Client from all active micro-influencers.
To provide reporting back to the Client on the success of the programmes.

To store social media posts (e.g. downloading stories) for review and attribution.
To issue rewards and payments to End Users after we have received the relevant reward and payment from the Client.

Mention Me shall use data for the purposes outlined above.

To provide the Client, Authorised Users and End Users with an AI customer support platform and agent services.

Mention Me will also use the above listed categories of Protected Data to:

perform, improve and enhance the Services, including for research, development, diagnostic and corrective purposes in connection with the provision of the Services;
train machine learning algorithms and any other data processes in order to improve and enhance the Services, provided that the Client’s Protected Data will never be shared with another client or amalgamated with another client’s data for these purposes; and
anonymise the Protected Data in order to create anonymous and aggregated data sets (Anonymous Data) for the purposes of providing statistical analysis and benchmarking services to the Client. Mention Me may disclose the aggregated summary of the Anonymous Data to provide similar services to other clients and third parties, provided that the Client and the Data Subjects cannot be identified.

c. Approved Sub-Processors

Entity

Amazon Web Services, Inc.

1200 12th Avenue
South, Suite 1200,
Seattle, WA 98144, United States

Mailjet SAAS Ltd

23 Copenhagen Street, London, England, N1 0JB

Google Cloud, Ireland Ltd

Gordon House, Barrow Street Dublin 4 Ireland

Tray.io, Inc

25 Stillman Street, San Francisco
CA 94107

Lacework Inc 391 San Antonio

Road, Floor 3, Mountain View CA 94040

Posthog Inc

2261 Market Street San Francisco
CA 94114

OpenAI, LLC

3180 18th St., San Francisco, CA 94110

Modash OU

Telliskivi 60a, B-building, 10412 Tallinn

Data 365

Tipalti

Tipalti Europe Ltd, St Martins Court, 10 Paternoster Row, London, EC4M 7HP, United Kingdom.

Crescendo AI Inc.

201 Spear Street, San Francisco, CA 94105, USA

Knock

Function

The Platform Mention Me platform is hosted by AWS.

Mention Me uses Mailjet for the purposes of sending emails to participants in the Service

Mention Me uses services within the Google Cloud platform alongside Amazon Web Services to build, run and extend the PlatformMention Me Platform.

(only relevant if client integrations and/or smart platforms) Mention Me uses Tray.io’s platform in order to send and receive data to and from third party companies (at the Client’s request).

Mention Me works with a security partner to assist in threat monitoring and security intelligence to support Mention Me in its own information security.

Mention Me uses this partner to assist in product analytics and ensure that we understand how users consume our products

Mention Me uses OpenAI to power its AI functionality.

Mention Me uses Modash to check an individual’s social media profile.

Mention Me uses Data 365 to check an individual’s social media profile and provide content

Mention Me uses Tipalti to facilitate payouts to individuals for commission or any other payments earned.

Customer support platform and AI-guided agent services.

Notification platform to allow end users, Mention Me and the Client to interact with each other in connection with the Influencer Service.

Location

EEA (and using AWS Cloudfront’s edge networking in Amazon’s European and North American network).

EEA and UK

EEA

EEA and USA

USA

EEA

USA (with processing also in the Phillippines by Partner Hero, a Crescendo affiliate)

USA and EEA

Further Details

Please see:

Amazon Data Protection Compliance With respect to the non-EEA processing, AWS processes data in line with the EU model standard contractual clauses.

Please see:

Mailjet Data Protection Compliance

Please see:

Google Cloud Privacy and Compliance

Please see:

Tray.io security measures With respect to the USA processing, Tray.io processes data in line with the EU model standard contractual clauses.

Please see:

Lacework’s security standard

With respect to the USA processing, Lacework processes data in line with the EU model standard contractual clauses.

Please see:

Posthog’s security information

With respect to the USA processing, Posthog processes data in line with the EU model standard contractual clauses.

Please see:

OpenAI’s data protection compliance

With respect to its processing, OpenAI processes data in line with the appropriate model standard contractual clauses.

Please see:

Modash’s data protection compliance.

Please see:

Data 365’s data protection compliance.

Please see:

Tipalti's data protection compliance

Please see:

Crescendo’s security compliance

Crescendo processes data in line with the appropriate model standard contractual clauses.

Please see:

Knock’s data processing addendum

Knock processes data in line with the appropriate model standard contractual clauses.

Technical and organisational measures

Appendix 2

Technical and organisational measures

We take the following technical and organisational measures to protect the confidential and customer data which we Process on behalf of our clients.

Mention Me is ISO27001 certified.

The following is a summary of the policies specified by our ISO27001 certification.

1. Measures taken to ensure confidentiality

1.1 Physical access control

Measures to prevent unauthorised individuals from gaining physical access to IT and data processing systems for processing personal data and confidential files and storage media:

Confidential data is stored in either (a) the PlatformMention Me platform which is hosted with AWS or (b) the Mention Me data warehouse which is hosted with GCP (Google) in a Tier 1 data centre in various locations in Europe or (c) where they are represented by documents or emails in Google Workspace GSuite (email, Google docs) hosted by Google in a Tier 1 data centre with data storage in Europe.
These Tier 1 data centres have industry best practice physical security and Mention Me has no physical access to the computing resources it uses. Full details of the security measures in place are available here: https://aws.amazon.com/security and https://cloud.google.com/security
Our office has CCTV, alarms, key fob access for employees only and a controlled visitor policy.
We operate a paper-free office and clear desk policy in all office locations.
All workstations or laptops and any password manager applications are configured to automatically lock out users with a password after 15 minutes of inactivity. All laptop hard drives are encrypted using Mac OS X FileVault.
We do not permit the printing or storage of this data on flash drives or removable media or on non- approved laptops or mobile devices.

1.2 Logical access control

Measures to prevent protected data from being processed or used by unauthorised persons:

All access to all systems used and provided by Mention Me is done using individually identified user accounts.
All passwords conform to the following policy:
- Contain a minimum 10 characters
- Contain at least 1 number
- Contain at least one special (non-alphanumeric) character
- Not be the same as any previously used password
- Not contain some commonly used password fragments e.g. “password”
Optionally, clients can request that their employees’ passwords must be changed by the User at least every 90 days.
2FA authentication for all Client employee logins to the PlatformMention Me platform and for all logins to critical services used by Mention Me in the delivery of its services to Clients and Consumers. Access for administrators is secured via Amazon and Google’s IAM policy frameworks.
Clients can choose to provide an IP whitelist for their own employee access.
Brute force login prevention with timeouts of 1 minute after 5 failed attempts and 20 minutes after 15 failed attempts.
Our platform is penetration tested by an external third party each year and executive summaries are available for clients. Clients can PEN test our platform with prior agreement by Mention Me.

1.3 Data access control

Measures which guarantee that the person authorised to use the data processing processes can exclusively access personal data subject to their access authorisation so that data cannot be read, copied, changed, stored or removed during the processing without authorization:

We use roles and permissions for controlling who has access to what feature using the principle of least privilege.
Administrative users are either Employees of the Client or of Mention Me.
Mention Me grants access to one or more nominated Employees of the Client during the setup phase. These Employees are given Administrator access which allows them to set up, remove and adjust the privileges of other users within the Client Organisation.
Employees of the Client with Administrative access are responsible for managing the access levels and deactivation of Employees they grant access to in accordance with clause 2.3 of the Terms of Service.
When a new account is set up, the new user is emailed to the registered email address with a pre- generated password. They must change the password at first login.
Password resets are performed only by the Employee User themselves - this is requested via the forgotten password link whereupon an email is sent to the user containing a secure link. The link is valid for 24 hours. When the link is clicked the user can enter a new password and regain access to their account.
Clients can optionally add 2FA for their Employee Users.
Clients can optionally add Single Sign On (SSO) for their Employee Users
Administrative access by Mention Me employees to the platform infrastructure is managed using accounts which have different permissions - least privilege for day to day access and full administrative access strictly limited when required.
All confidential data is stored using Encryption at Rest using AWS AES256 encryption.

1.4 Data separation

Measures that ensure that data collected for different clients and/or different purposes is processed separately:

We operate a multi-tenanted platform with strong application and business logic which separates individual client data sets. We use manual and automated techniques to QA this.
We use only anonymised data in our test and development environments.
Developers and administrators have segregated access to different environments.

1.5 Pseudonymization

We store personal data about your customers in three ways – to maintain a list of historical customers for the purpose of excluding existing customers from being rewarded as an advocate, to store customers who enrol in any of our programmes and to store potential customers who have been introduced who may go on to become the Clients’ customers when they first purchase and to keep track of purchase history and frequency to allow Mention Me to segment each Customer as appropriate and to store potential customers who have been introduced who may go on to become the Clients’ customers when they first purchase. The historical customer data is hashed using SHA256 with a shared secret salt so that it can be used only for the purpose of checking whether a potential customer is an existing one or not.

Where the Client chooses to send us this data in bulk, they can choose to pre-hash it using the same secret salt or in plaintext after which we will hash it and discard the original. The other data sets are stored encrypted at rest using AES256.

1.6 Data fidelity

You can provide us with feeds of data to keep our customer records in sync with your own, if you choose – for example to tell us about changes to customer personal data (e.g. email or name), to tell us about lapsed customers or to update customer identifiers.

1.7 Data retention

By default we keep personal data on your customers for the length of our contract together for the purpose of keeping track of referral and purchasing and (where applicable) retain performance and allowing your customer service team to view and act on the history of activity.

We apply different retention policies to different classes of data - we automatically expunge enrolled referrers who haven’t shared after 48 months and registered referees or other customers who haven’t spent a reward they were given after 24 months. We can vary the retention policies upon your request.

At the end of our contract we have measures in place to securely anonymize all the data on your customers expunging it from our systems.

At the end of their life any storage (e.g. laptop hard drives) are destroyed securely using a reputable industrial shredding company.

2. Measures to ensure integrity

2.1 Data transfer control

Measures which guarantee that confidential data cannot be read, copied, changed or removed during the electronic transmission or during their transport except by authorised users:

Data is always encrypted in transit using best practice https (TLS)
We receive data via https from tags on the client site or via SFTP (SSH) batch files
Where an ad-hoc transfer of confidential data is required (for example lists of reward vouchers or customer details for promotion) secure data is transferred from the client to Mention Me and vice versa via the secure document transfer mechanism within the PlatformMention Me platform which transfers the data via TLS.

2.2 Input control

Measures which guarantee that it can be subsequently checked and determined whether and by whom personal data have been entered, changed in or removed from the data processing systems:

Where a significant activity takes place (for example approving or declining a reward for a customer, unsubscribing a customer), a sensitive action audit log is kept detailing the change and the user who took the action. We keep these audit logs indefinitely and they are available for Clients’ to download and review.
We have logs of all system activity stored for 60 days and other subsets of activity stored for the duration of our contract.

3. Measures to ensure availability and capacity

3.1 Change control

New software, including changes to the existing software is tested thoroughly prior to release, including a review for security risks. Most new customer-facing features are developed as options that Clients can choose to add into their programmes or not.
Release notes for changes made are kept for reference.
Approval for such changes to be released is made by the Mention Me CTO or a member of the senior engineering team.
Changes made to the configuration of the platform and/or network are documented in a change management system and peer reviewed prior to deployment.
Patches to operating systems are applied on a weekly schedule. Emergency patches which are required because of zero-day exploits are reviewed and applied as quickly as possible. Our platform infrastructure is mostly ephemeral and built from the latest baselines, pre-hardened for our use-case each time we do a deployment (via Docker and ECS). This means that our platform is always up to date with the best practice AWS infrastructure baselines - and doesn’t need explicit patching. Where necessary elsewhere patches are applied on a weekly basis and critical patches as quickly as possible.

3.2 Availability control

We use AWS’s multi-zone capabilities to ensure that the loss of equipment in one physical location does not impact availability – equipment is spread over 3 physically separated locations in Ireland.
We monitor our systems for capacity and regularly load test a replica platform to ensure we can meet future demand. Our use of AWS and GCE allows us to scale horizontally to support large scale traffic spikes.
Our availability target is less than 2 hours of downtime per month.
Our recent availability scores are visible here: https://status.mention-me.com/
Logs are reviewed on an ad-hoc basis in the case of a discrepancy.
We have Business Continuity and Disaster Recovery plans which are tested annually

3.3 Fast recoverability

In most disaster scenarios our multi-zone configuration means we can recover fast from a failure. Our RTO is 12 hours.
We have point-in-time restores from the last 30 days available to recover so our RPO is 1 hour.
We have Business Continuity and Disaster Recovery plans which are tested annually

4. Measures for the regular evaluation of the security of data processing

We operate our ISMS according to ISO27001 including monthly audits, 6 monthly reviews and regular management oversight.
We report on security matters to our Board of Directors.
We have a formal security breach process which includes notifying affected clients within a 24 hour window of us identifying a breach. Logs of security incidents, including root cause analysis are kept and used to take preventative action in future.
Clients have the right to audit us and our processes.

Specific Interpretive Provisions

In this Agreement:

a) capitalised terms not defined herein shall have the meanings ascribed to them in the Client Agreement;

b) references to any Applicable Laws (including to the Data Protection Laws and each of them) and to terms defined in such Applicable Laws shall be replaced with or incorporate (as the case may be) references to any Applicable Laws replacing, amending, extending, re-enacting or consolidating such Applicable Law (including any new Data Protection Laws from time to time) and the equivalent terms defined in such Applicable Laws, once in force and applicable; and

c) a reference to a law includes all subordinate legislation made under that law.

Data Processing Provisions

Data Processor and Data Controller
1. Excluding Section 1.2, this Data Processing Agreement applies to the Processing of Protected Data by Mention Me as the Data Processor on behalf of Client as the Data Controller for the limited purposes identified in Appendix 1. For the purposes of the CCPA (and to the extent applicable), the Client shall be the "Business" and Mention Me shall be the "Service Provider" (as such terms are defined in the CCPA).
2. Notwithstanding Section 1.1, Client acknowledges that Mention Me is a Controller when it (a) uses Personal Data collected from or about a Data Subject for purposes other than those set out in Appendix 1, including (but not limited to) the administration of referrals and management of the influencer program; and (b) Processes or aggregates Personal Data relating to the operation, support, or use of the Services for its own business purposes, such as billing, account management, data analysis, benchmarking, technical support, feedback, product development, and compliance with laws.
3. Each of the parties shall comply with:
  1. their obligations under all Data Protection Laws in connection with the Processing of Protected Data, the Services and the exercise and performance of their respective rights and obligations under this Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
  2. the terms of this Agreement.
4. The Client warrants, represents and undertakes, that:
  1. all data sourced by the Client for use in connection with the Services, prior to such data being provided to or accessed by Mention Me for the performance of the Services under this Agreement, shall comply in all respects, including in terms of its collection, storage and Processing, with Data Protection Laws;
  2. all instructions given by it to Mention Me in respect of Personal Data shall at all times be in accordance with Data Protection Laws including (to the extent applicable) the pursuit of Business Purposes as under the CCPA; and
  3. it is satisfied that Mention Me's Processing operations are suitable for the purposes for which the Client proposes to use the Services and engage Mention Me to Process the Protected Data.
5. Mention Me warrants and undertakes that it has, and will continue to have, sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.
6. Nothing in this clause 1 shall exclude the liability of either party to the other for breach of any Data Protection Laws in relation to Protected Data as a result of negligence or lack of Appropriate Safeguards.
Instructions and details of Processing
1. Insofar as Mention Me Processes Protected Data on behalf of the Client, Mention Me:
  1. unless required to do otherwise by Applicable Law, shall (and shall take steps to ensure each person acting under its authority shall) Process the Protected Data only on and in accordance with the Client's documented instructions as set out in this clause 2 and Appendix 1 (Data Processing details), as updated from time to time in accordance with the Client's written instructions;
  2. if Applicable Law requires it to Process Protected Data other than in accordance with the Processing Instructions, shall notify the Client of any such requirement before Processing the Protected Data (unless Applicable Law prohibits such notification); and
  3. shall promptly inform the Client if Mention Me becomes aware of a Processing Instruction that, in Mention Me's opinion, infringes Data Protection Laws, provided that:
  4. (a) this shall be without prejudice to clauses 1.3; and
  5. (b) to the maximum extent permitted by mandatory law, Mention Me shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities (including any Data Protection Losses) arising from or in connection with any Processing in accordance with the Client's Processing Instructions following the Client's receipt of that information.
2. The Processing of Protected Data to be carried out by Mention Me under this Agreement shall comprise the Processing set out in Appendix 1 (Data processing details), as may be updated from time to time by written agreement between the parties.
Technical and organisational measures
1. Mention Me shall implement and maintain, at its cost and expense, the technical and organisational measures:
  1. in relation to the Processing of Protected Data by Mention Me, as set out in Appendix 2 (Technical and organisational measures); and
  2. taking into account the nature of the Processing, to assist the Client insofar as is possible in the fulfilment of the Client's obligations to respond to Data Subject Requests relating to Protected Data.
Using staff and other Processors
1. Mention Me shall not engage any Sub-Processor for carrying out any Processing activities except those listed in Appendix 1. If there is any addition, removal and/or change in a Sub-Processor Mention Me will give the Client 30 days' written notice to object to any addition, removal and/or change in Sub-Processor, after which time if Mention Me has not received any objection from the Client in writing then the Client will be deemed to have accepted the addition, removal and/or change. If the Client objects Mention Me has, at its discretion, the option to maintain the status quo, work with the Client for a solution or, at the discretion of Mention Me terminate the Agreement on 60 days' notice.
2. Mention Me shall:
  1. prior to the relevant Sub-Processor carrying out any Processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing obligations which are at least as onerous as under clauses 1 to 11 (inclusive) that is enforceable by Mention Me;
  2. ensure each such Sub-Processor complies with all such obligations; and
  3. remain fully liable for all the acts and omissions of each Sub-Processor as if they were its own.
3. Mention Me shall ensure that all persons authorised by it (or by any Sub-Processor) to Process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law, in which case Mention Me shall, where practicable and not prohibited by Applicable Law, notify the Client of any such requirement before such disclosure).
4. In the event that the Client makes a request for Mention Me to send any data to another supplier of the Client (Third Party Processor), the Client acknowledges and agrees that the Third Party Processor shall be a Data Processor directly for the Client and shall not be a Mention Me Sub-Processor. Mention Me shall not be liable to the Client for any breaches of Data Protection Laws by a Third Party Processor. The Client warrants that any such instructions to send data to the Third Party Processor shall comply with Data Protection Laws.
Assistance with the Client's compliance and Data Subject rights
1. Mention Me shall refer all Data Subject Requests it receives to the Client without undue delay following receipt of the request.
2. Mention Me shall provide such reasonable assistance as the Client reasonably requires (taking into account the nature of Processing and the information available to Mention Me) to the Client in ensuring compliance with the Client's obligations under Data Protection Laws with respect to:
  1. security of Processing;
  2. data protection impact assessments (as such term is defined in Data Protection Laws);
  3. prior consultation with a Supervisory Authority regarding high risk Processing; and
  4. notifications to the Supervisory Authority and/or communications to Data Subjects by the Client in response to any Personal Data Breach.
International data transfers
1. Any transfer by Mention Me of Protected Data to an International Recipient shall be effected by way of Appropriate Safeguards as described in Articles 45-49 of the UK GDPR and in accordance with Data Protection Laws.
Records, information and audit
1. Mention Me shall maintain, in accordance with Data Protection Laws binding on Mention Me, written records of all categories of Processing activities carried out on behalf of the Client.
2. Mention Me shall, in accordance with Data Protection Laws, make available to the Client such information as is reasonably necessary to demonstrate Mention Me's compliance with its obligations under Article 28 of the UK GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Client (or another auditor mandated by the Client) for this purpose, subject to the Client:
  1. giving Mention Me reasonable prior notice of such information request, audit and/or inspection being required by the Client;
  2. ensuring that all information obtained or generated by the Client or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by Applicable Law);
  3. ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to Mention Me's business.
3. The Client's right to audit under this clause 7 may only be exercised once in any consecutive 12 month period, unless otherwise required by a Supervisory Authority or if the Client (acting reasonably) believes Mention Me is in breach of this Data Processing Agreement.
Breach notification
1. In respect of any Personal Data Breach involving Protected Data, Mention Me shall, as soon as practicable (and in any event within 24 hours of becoming aware of the Personal Data Breach):
  1. notify the Client of the Personal Data Breach; and
  2. provide the Client with details of the Personal Data Breach and all reasonable assistance which the Client may require.
Deletion or return of Protected Data and copies
1. Mention Me shall, at the Client's written request, either delete or return all the Protected Data to the Client in such form as the Client reasonably requests within a reasonable time after the earlier of:
  1. the end of the provision of the relevant Services related to Processing; or
  2. once Processing by Mention Me of any Protected Data is no longer required for the purpose of Mention Me's performance of its relevant obligations under this Agreement,
  and delete existing copies (unless storage of any data is required by Applicable Law and, if so, Mention Me shall inform the Client of any such requirement).
Liability, indemnities and compensation claims
1. Mention Me shall be liable for Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with this Agreement:
  1. only to the extent caused by the Processing of Protected Data under this Agreement and directly resulting from Mention Me's breach of this Agreement;
  2. in no circumstances to the extent that any Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of this Agreement by the Client (including in accordance with clause 2.1.3(b)); and
  3. subject to any limits on its liability contained in the Client Agreement.
2. The Client shall indemnify and keep indemnified Mention Me in respect of all Data Protection Losses suffered or incurred by, awarded against or agreed to be paid by, Mention Me and any Sub-Processor arising from or in connection with any:
  1. non-compliance by the Client with the Data Protection Laws; or
  2. breach by the Client of any of its obligations under this Data Processing Agreement, except to the extent Mention Me is liable under clause 10.1.
3. If a party receives a compensation claim from a person relating to Processing of Protected Data, it shall promptly provide the other party with notice and full details of such claim. The party with conduct of the action shall:
  1. make no admission of liability nor agree to any settlement or compromise of the relevant claim without the prior written consent of the other party (which shall not be unreasonably withheld or delayed); and
  2. consult fully with the other party in relation to any such action, but the terms of any settlement or compromise of the claim will be exclusively the decision of the party that is responsible under this Agreement for paying the compensation.
4. This clause 10 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except:
  1. to the extent not permitted by Applicable Law (including Data Protection Laws); and
  2. that it does not affect the liability of either party to any Data Subject.
Survival of data protection provisions
1. Notwithstanding the termination (for any reason) or expiry of this Agreement:
  1. clauses 9 to 11 (inclusive) shall survive and continue indefinitely; and
  2. clauses 1 to 8 (inclusive) shall survive and continue until 12 months following the earlier of the termination or expiry (as applicable),
  provided always that any termination or expiry of clauses 1 to 8 (inclusive) shall be without prejudice to any accrued rights or remedies of either party under any such clauses at the time of such termination or expiry.

Terms of Service

Terms of Service

The Services

Client Responsibilities

Fees and Payment

Intellectual Property

Data Protection

Liability

Confidentiality

Free Trials

Term and Termination

General

Data Protection

Client Responsibilities

Data Protection

Appendix 1

Appendix 2

1. Measures taken to ensure confidentiality

2. Measures to ensure integrity

3. Measures to ensure availability and capacity

4. Measures for the regular evaluation of the security of data processing

Specific Interpretive Provisions

Data Processing Provisions

Data Processor and Data Controller

Instructions and details of Processing

Technical and organisational measures

Using staff and other Processors

Assistance with the Client's compliance and Data Subject rights

International data transfers

Records, information and audit

Breach notification

Deletion or return of Protected Data and copies

Liability, indemnities and compensation claims

Survival of data protection provisions