ARTICLE I. DEFINITIONS
Application: refers to the application developed by Bastion and available at the following address: https://app.bastion.tech. The Application is intended to carry out vulnerability checks on the technological data of Companies, and offer cybersecurity solutions to remediate.
Company: refers to the legal entity for which the vulnerability scan was performed;
Personal Space: refers to the virtual space allocated to the User at the time of registration and accessible by entering his/her Personal Identifiers on the Application. The Personal Space allows access to all the Application's functionalities offered to the User;
Functionalities: refers to all the functionalities of the Application offered to the User, such as, in particular, the technological data vulnerability scan, the data vulnerability report, the data leakage report, the mapping of the User's network infrastructure and their vulnerability, the personalised list of actions to be taken to reduce the risk of vulnerability, and the archiving of the corresponding summary form;
Personal Identifiers: refers to the data necessary for the creation and accessibility by the User of his Personal Space, i.e. a professional e-mail address and a password;
Parties: refers to Bastion and the User;
Services: refers to all the features and services offered by Bastion via the Application and the Site;
Site: shall designate the Bastion Internet site accessible at the following address: https://www.bastion.tech;
Bastion: refers to Bastion, a simplified joint stock company with a capital of 12000,00 euros, having its registered office at 65 Rue de la Croix, Nanterre, registered under 921 179 925 . Bastion is acting as creator, publisher and developer of the Site and the Application and as a provider of Services;
User: means any legal representative or employee of the Company using the Services.
ARTICLE II. LEGAL NOTICES
2.1 Legal notice relating to the Site
The Site is edited by Bastion.
The Director of the publication is Arnaud Fournier.
2.2 Legal notice concerning the Application
The Application is edited by Bastion.
The Director of the publication is 921179925.
The Application is hosted by AWS and Google.
Furthermore, Bastion is a producer of databases under Article L.343.1 et seq. of the French Intellectual Property Code. The databases established by Bastion are protected by copyright and by the law of 1er July 1998 transposing the European directive of 11 March 1996 on the legal protection of databases into the Intellectual Property Code.
It is specified that the servers of the databases produced by Bastion as well as its infrastructure are hosted by Amazon Web Services (AWS), Google Cloud platform in the EU.
ARTICLE III. PURPOSE
Bastion offers an application for company managers, particularly small and medium-sized enterprises (SMEs), which provides security product .
The purpose of the Application is to identify, in a simple and automated way, all the vulnerabilities of a given company's technological infrastructure
The purpose of these GTU is to define the terms and conditions of use of the Services, as well as the rights and obligations of the Parties in this context.
The GTU are accessible and printable at any time, by means of a link located on the Site, allowing them to be displayed on a separate web page. The GTU are also available on the Application when the User registers.
They may be supplemented, if necessary, by special conditions related to certain Services. In the event of contradiction, the special conditions shall prevail over the GTU.
These GTU may be subject to subsequent modifications. The version applicable to the User is the one in force on the Site and on the Application at the date of use of the Services.
ARTICLE IV. SCOPE AND ACCEPTANCE
Access to and use of the Site and the Application are subject to compliance with these GTU. Consequently, any access to and/or use of the Site, the Application and more generally of all the Services, imply compliance with all the terms of these TOU and their unconditional acceptance.
These GTU are concluded between the User and Bastion for an indefinite period.
ARTICLE V. APPLICATION SERVICES
5.1. Registration on the Application
Creating a Personal Space
The Application is a web-based application accessible through an internet connection and a web browser. The use of the Application does not require any download or installation on any device whatsoever. The Application runs on any operating system and is suitable for any computer device, including, but not limited to, computers, mobiles and tablets.
Registration on the Application by a User is compulsory in order to be able to access his/her Personal Space and use the Services. It is done by filling in a professional e-mail address and by defining a password.
The Personal Space is strictly personal. The User undertakes to use the Services personally and not to allow any third party to use them in his place or on his behalf.
The User is deemed to be authorised to act on behalf of his Company, for strictly professional purposes and uses.
Bastion reserves the right to suspend, restrict, refuse or revoke access to the User's account and the Application at any time and for any reason whatsoever.
Closure of the Personal Space by the User
The User may, at any time and at no cost, close his or her Personal Space by clicking on the "Delete" button available in the "Settings" menu in the Application.
Closure of the User's Personal Space by Bastion
Bastion may, at its sole discretion, close the User's Personal Space, provided that it informs the User of this in advance by email, stating the reason for its decision.
In accordance with article 6.3 of the GTU, the User is responsible for the confidentiality and security of his Personal Identifiers allowing his authentication on the Application.
5.2 Launch of the technology data vulnerability scan
When the User registers on the Application, the vulnerability scan of the Company's technological data is automatically launched via a remote procedure call on the Application's servers.
The average duration of a technology data vulnerability scan is four (4) hours. The scan is based on the Company's publicly available databases, such as passwords, emails and Internet Protocol (IP) addresses of its employees.
The scan does not prevent any use of the User's computer device or the Company's computer devices and/or infrastructure on which the technological data vulnerability scan is performed.
It is specified, where necessary, that the vulnerability scan of technological data is carried out free of charge.
5.3 Analysis of the results of the technology data vulnerability scan
When the vulnerability scan of the technological data described above is completed, each User will be able to access a certain number of Functionalities from their Personal Space. These Features summarise the results of the vulnerability scan and present them in different tabs.
In general, Bastion reserves the right to offer any other Functionality that it deems useful, according to the technical means that it deems most appropriate.
It is also specified that, in the context of the Functionalities, the vulnerabilities are qualified on the basis of the international MITRE standard.
ARTICLE VI. OBLIGATIONS OF THE USER
6.1 Access to the Site, the Application and the Services
The User declares to know and understand:
• the internet network and its limitations, in particular its functional characteristics and technical performance;
• the risks of interruption of the internet network;
• the existence of response times for consulting, querying or transferring information;
• the risks inherent in any data transfer.
It is the responsibility of the User to equip him/herself appropriately, particularly in terms of computing and electronic communications, to access the Site, the Application and the Services. It is also up to the User to take all appropriate measures to protect him/herself and Bastion against any attack or damage that may affect the data or content stored on the Application and the Site. Bastion is not responsible for the computer media of the User and the Company.
All costs and authorisations required for connection, access and use of the Application, the Site and the Services are and remain the responsibility of the Company.
6.2 Use of the Application
The User declares that he/she is aware and understands that the use of the Application, and more specifically the technological data vulnerability scan, will initiate a connection procedure to the Company's publicly accessible databases.
The User acknowledges and understands that the duration of the Technology Data Vulnerability Scan is approximately four (4) hours but may vary depending on several factors, such as, but not limited to, the number of publicly accessible Company databases and the volume of data associated with them.
The User undertakes to use the Site, the Application and the Services made available by Bastion in accordance with these GTU, the specific conditions for certain Services as well as the laws and regulations in force.
When using the Site, the Application and the Services, the User undertakes in particular not to use, or allow third parties to use, the Site, the Application and the Services for the following purposes:
• Contrary to public order and morality;
• Abusive, defamatory, racist, xenophobic, homophobic, revisionist or damaging to the honour or reputation of others;
• Incitement to discrimination or hatred of a person or group of persons because of their origin, sexual orientation, membership or non-membership of a particular ethnic group, nation, race or religion;
• Threatening a person or group of people;
• Degrading or injurious to the human person or his integrity;
• The commission of a misdemeanour, felony or act of terrorism or the glorification of war crimes or crimes against humanity;
• Allowing the rights of others and the safety of persons and property to be infringed;
• And, more generally, to use them in any way to enable the above actions.
In particular, the User also undertakes, without this list being limitative, to:
- Have the necessary authorisation to use the Services in the name and on behalf of the Company;
Inform Bastion as soon as possible of any damage or malfunction of the Site or the Application at the following address: firstname.lastname@example.org;
- Not to damage, vandalize, or otherwise interfere with the use of the Site or the Application;
- Not to deface, modify, disassemble, or generally alter in any way whatsoever the Site, the Application or all or part of the Services;
- Do not use any robot, "bot", "spider", "crawler" or any other automatic means or interface to access the Services, or to extract information about other Users;
- Not to use the Services and in particular the Site and the Application for advertising or similar commercial purposes;
- Not to use any software or other device to interfere or attempt to interfere with the proper working of the Site or the Application by any means whatsoever;
- Not to hinder the proper functioning of the Site, the Application and the Services in any way whatsoever, in particular by transmitting any element likely to contain a virus or malicious program likely to damage or affect the Application, the Site and the Services and, more broadly, any component of the infrastructure and solutions of Bastion;
- Not to alter, modify or degrade the Site, the Application or the software codes constituting them;
- Not to take any action that may result in unreasonable or disproportionate traffic on the Site or Application or on any infrastructure linked to the Site or Application;
- Not to obtain unauthorised access to one of Bastion's networks or to its computer system, by any means whatsoever;
- Not to decompile (reverse engineer), disassemble or otherwise reduce the code used in any software on the Site and the Application into a readable form in order to examine its structure and/or to copy or create other software based, in whole or in part, on that software, except for the applicable mandatory legal exception as provided for in Article L.122-6-1 IV of the French Intellectual Property Code;
- Do not use meta tags or any other hidden text containing the name Bastion without its specific prior written consent;
- Not to include any hypertext link to the Site or the Application by framing or automatic hyperlinks ("in-line linking") or deep linking.
Finally, in general, the User undertakes to comply with all the regulations in force applicable in France.
6.3 Security of the Personal Space
Registration on the Application entails the creation of a Personal Space accessible by means of the Personal Identifiers provided by the User. The User's Personal Identifiers are strictly personal and confidential.
In this respect, the User undertakes to:
- Keep your Personal Identifiers secret;
- Not to communicate its Personal Identifiers to third parties in any form whatsoever;
- Not to allow access to its Personal Space by third parties;
- Assume sole responsibility for the consequences of any disclosure or compromise of its Personal Identifiers in violation of this Agreement;Inform Bastion without delay of any compromise, loss or anomaly observed in their Personal Identifiers.
- Failing this, and unless there is proof to the contrary, any connection, use of the Services, transmission of bank data and transactions carried out by means of the User's Personal Identifiers will be deemed to have originated from the User and will be under the User's exclusive responsibility.
To be taken into account, the User's complaints must be sent by e-mail to the following address: email@example.com.
In the event that the User discloses his/her Personal Identifiers to a third party, Bastion cannot be held responsible for any fraudulent use of the Personal Space. The User shall be solely responsible for the disclosure of its Personal Identifiers.
The User is also responsible for all activities that take place on his Personal Space, including the use of the Services.
The User undertakes, in the event of fraudulent use of their Personal Space or any breach of security of their Personal Space of which they are aware, to immediately notify Bastion at the following address: firstname.lastname@example.org.
Upon receipt of the aforementioned notification, Bastion will interrupt access to the User's Personal Space as soon as possible in order to put an end to the fraudulent use of the Services. This action will also prevent the User from accessing their Personal Space. It is specified that Bastion's response time, although not immediate, will be as soon as possible after receiving the notification.
ARTICLE VII. RESPONSIBILITY OF THE USER
7.1 User guarantees
The User guarantees Bastion against any complaints, claims and/or actions that Bastion may suffer as a result of the User's breach of any of their obligations or guarantees under the terms of these GTU.
They undertake to compensate Bastion for any prejudice it may suffer and to pay all costs, including defense costs, charges and/or fines that it may have to bear as a result.
The use of the Site, the Application and the Services is made under the sole and entire responsibility of the User. As such, the User assumes full responsibility for the risks of loss associated with the use of the Services, the Application and/or the Site.
Consequently, it is up to the User to take all appropriate measures to protect the data, files or programs stored in his system.
The User is also solely responsible for the compatibility of its hardware, programs and software or its Internet network with the Site or the Application, which are designed to work with recent versions of the following web browsers: Safari, Google Chrome, Mozilla Firefox and Microsoft Edge.
In the event of non-compliant use or illicit exploitation of the Application, the Site or the Services, the User is solely responsible for any damage caused to the Company or to third parties and for the consequences of any claims or actions that may result from this.
The User undertakes, at Bastion’s first request, to indemnify and compensate Bastion for any damage, loss, or loss of profit that it may suffer if Bastion is held liable by the Company or a third party due to an action linked to this use by the User.
The User also waives any recourse against Bastion in the event of legal action taken by the Company or a third party against him/her due to the non-compliant use and/or illicit exploitation of the Application, the Site or the Services.
ARTICLE VIII. USER’S RIGHTS ON HIS PERSONAL DATA
ARTICLE IX. RESPONSIBILITIES OF BASTION
Bastion undertakes to make its best efforts to provide the Services, to ensure the proper functioning of the Site, the Application and the Functionalities, within the limits of responsibility of the present GTU.
Bastion is only bound to the User by an obligation of means and does not provide any guarantee, express or implied, including any guarantee of quality and suitability for a particular use of the Services provided to the User, subject to the legal guarantees of conformity and against hidden defects.
In particular, Bastion does not guarantee either the User or the Company that the list of vulnerabilities identified by the technological data vulnerability scan is exhaustive. Similarly, Bastion does not guarantee either the User or the Company that all of the Company's infrastructures have been analysed by the technological data vulnerability scan.
Bastion assumes no responsibility for material errors or inaccuracies on the Site or the Application, for damage to property or infrastructure resulting from access to the Site and the Application, from the use of the Services, from unauthorised access to or use of the servers or personal or financial information stored on them, from the interruption of the Services, from the transmission of viruses or any similar element to or by the Site or the Application due to third parties, or from the loss of data placed on the Application.
Bastion is not liable for any indirect damage resulting from transactions carried out on the Application, including any damage of an economic nature, in particular, without limitation, loss of income or profits, regardless of the legal basis. Furthermore, Bastion is not liable for any indirect damage resulting from improper use or illicit exploitation of the Site or the Application.
In any case, Bastion's liability towards the User or the Company for any claim arising from the present document or from the use of the Site or the Application is limited to the total amount paid by the Company to Bastion for the Services that gave rise to the claim. It is specified that the claim must be made within the legal prescription period.
Subject to the occurrence of the following events, or any case of force majeure, change in applicable regulations preventing the operation of the Application, the Site or the Services, the Application and the Site are accessible twenty-four hours a day (24 h) and seven (7) days a week (7). Bastion declines, however, all responsibility, without this list being restrictive:
- In case of interruption for technical maintenance or updating of the published information;
- In the event of temporary impossibility of access due to technical problems, whatever their origin and provenance;
- In the event of unavailability, overloading or any other cause preventing the normal functioning of the Internet network used to access the Site or the Application;
- In the event of contamination by any computer viruses circulating on the network;
- More generally, in the event of direct or indirect damage caused to the User or the Company, whatever its nature, resulting from access to or use of the Site or the Application, including by the User;
- In case of abnormal use or illicit exploitation of the Site or the Application;
- In the event of loss by the User of his/her login and/or password or in the event of usurpation of his/her identity.
It is furthermore specified that maintenance work and/or updates to the Site or the Application may be carried out without prior notice to the User.
9.2 Content of the Website and the Application
Despite the great care taken in creating and updating the Site and the Application, Bastion cannot provide any guarantee, express or tacit, concerning the information contained on the Site and the Application of which it is the author.
Consequently, Bastion cannot be held responsible for any damage, direct or indirect, resulting from any errors, inaccuracies or omissions in the information contained on the Site or the Application.
Furthermore, the photographs and illustrations on the Site are for information purposes only and in no way commit Bastion contractually.
9.3 Force majeure
Bastion shall not be held responsible, or considered to have failed to comply with these GTU, for any delay or whose cause is linked to a case of force majeure, as defined by article 1218 of the French Civil Code and the case law of the French courts, including, without limitation, the interruption, suspension, reduction or disruption of electricity or any interruption of electronic communication networks or in the event of events beyond its control.
In addition to the disclaimers provided for herein, Bastion cannot be held responsible for the unavailability of networks that are not under its direct control.
ARTICLE X. DURATION AND TERMINATION
The Services are subscribed to from the date of registration on the Application.
The User may terminate the subscription by clisking ‘delete account’ on its personal page
or by sending an e-mail to the following address: email@example.com with acknowledgement of receipt or by registered letter with acknowledgement of receipt to the following postal address Bastion SAS, 63 rue de la croix, 92000 Nanterre.
ARTICLE XII. APPLICATION DATA
The User expressly acknowledges and agrees that :
- The data collected on the Application are proof of the reality of the operations carried out within the framework of the present;
- The said data constitutes the main method of proof accepted between Bastion and the User, in particular for the calculation of sums due to Bastion.
The User can access this data directly on the Application.
ARTICLE XIII. SANCTIONS FOR NON-COMPLIANCE
In the event of failure to comply with any of the provisions of these terms and conditions, or more generally, of infringement of the laws and regulations in force, by the User, Bastion reserves the right to:
- Suspend or remove the access to the Services of the User, author of the breach or infringement, or having participated in it;
- Delete any content related to the breach or infringement in whole or in part;
- Take all appropriate measures and initiate any legal action;
- To notify, where appropriate, the competent authorities, to cooperate with them and to provide them with all information relevant to the investigation and prosecution of illegal or unlawful activities.
ARTICLE XIV. MODIFICATIONS
Bastion reserves the right to change the Site, the Application and the Services at any time.
Bastion reserves the right to change the terms, conditions and mentions of these GTU at any time. They may also be supplemented by new contractual conditions, particularly in the event of technical, legal or jurisprudential developments or when new services and features are introduced.
It is hereby specified that the GTU applicable to the User shall be those in force on the Site and/or the Application at the date of use of the Services by the latter. The User will be informed of these modifications as soon as he/she connects to the Application for the first time following the update of the said GTU.
Any User who uses the Services after the entry into force of the modified GTU is deemed to have accepted these modifications.
ARTICLE XV. INTELLECTUAL PROPERTY
The presentation and content of the Site and the Application together constitute a work protected by the laws in force relating to intellectual property, which Bastion owns.
Bastion grants the User a limited, royalty-free, non-exclusive, personal, revocable and non-transferable licence to use the Application for professional and non-commercial purposes, subject to compliance with these GTU.
Any reproduction, in whole or in part, is strictly forbidden and is likely to constitute an infringement of copyright, except with prior written authorisation from Bastion, at its sole discretion.
The texts, images, drawings, graphic charter as well as the source codes and object codes of the Site and the Application are protected by intellectual property law. It is forbidden to copy, extract, distribute or modify the content of the Site and the Application for any reason whatsoever and in particular for commercial purposes. The downloading and printing of texts, images and graphic elements are authorised for private and non-commercial use only. The reproduction of drawings, images, sound documents, video sequences and texts in other electronic or printed publications is prohibited without the prior written consent of Bastion, at its sole discretion.
Failure to obtain authorisation is punishable by the offence of counterfeiting.
The trademarks and logos appearing on the Site or the Application are registered and protected trademarks. Any total or partial reproduction of the trademarks and/or logos present on the Site or the Application made from elements of the Site or the Application without the express authorisation of Bastion constitutes an infringement punishable by articles L.713-2 et seq. of the French Intellectual Property Code.
15.3 Users' suggestions, proposals and recommendations
In the event that a User decides to communicate to Bastion a suggestion, a proposal of ideas or recommendations intended to improve the Services or Features, the User acknowledges and agrees to grant Bastion a licence to use these suggestions, proposals or recommendations. It will allow Bastion to integrate these suggestions or proposals into its Services and Functionalities and, more generally, to exploit them without restriction, without identifying the User and without his prior agreement.
ARTICLE XVI. SPECIFIC CONDITIONS OF USE OF THIRD-PARTY PLATFORMS AND TOOLS
In addition to these GTU, the User agrees to comply with the terms and conditions of the services of the platforms providing access to the Site and the Application as well as those of the third-party tools used by the Application. The general terms and conditions of the services of the above-mentioned platforms and third-party tools are available on their websites.
The use of these third-party platforms and tools by Users leads to the collection and processing of personal data for which Bastion cannot be considered to be the data controller as defined by the amended law n°78-17 of 6 January 1978 relating to information technology, files and freedoms. The data controllers in this case are designated by the platforms and third-party tools concerned.
16.2 Third-party tools
STRIPE and GOCARDLESS operate the Application as an online payment solution and limit the processing of the User's .personal data to the functions and purposes strictly necessary for the provision of the Services
The User who wishes to subscribe from the Application accepts the general terms and conditions of use of STRIPE or GOCARDLESS services, depending on the solution used.
Electronic signature solution
HELLOSIGN uses the Application as an electronic signature solution and limits the processing of the User's personal data to the functions and purposes strictly necessary for the provision of the Services.
ARTICLE XVII. HYPERTEXT LINKS
Bastion specifies that the use of hypertext links may lead the User to other websites or applications, independent of the Site or the Application. Bastion cannot be held responsible for hypertext links to other sites or applications from the Site or the Application.
Similarly, the insertion of hypertext links to all or part of the Site and/or the Application is authorised, on a non-exclusive basis and may be revoked at any time, without Bastion having to provide any justification, and on condition that this link does not create a misleading, false, pejorative or prejudicial character with regard to the Site and/or the Application. Under this authorisation, Bastion reserves the right to object.
Bastion cannot be held responsible for any direct, indirect or incidental damage resulting from accessing or using information from third-party sites.
ARTICLE XVIII. AGREEMENT ON EVIDENCE
The User acknowledges and agrees to subscribe to these GTU in electronic format and to receive all documentation relating to them in this same format, either by e-mail or on his Personal Space. The User acknowledges that these GTU, concluded electronically and established on a durable medium within the meaning of the regulations, have the same evidential value as a written document on paper.
By express agreement between the Parties, all electronic records - including, but not limited to, data transmitted by the User, connection data relating to actions carried out from the Personal Space, data relating to the use of the Application and collected from the Personal Space and emails - constitute proof of the actions and operations carried out by the User on the Application. The Parties agree that these electronic records are admissible in court and are proof of the data and facts contained therein.
In the event of disagreement, the electronic records produced by Bastion will prevail over those produced by the User, unless the User demonstrates the lack of reliability or authenticity of the documents produced by Bastion.
ARTICLE XIX. INDEPENDENCE OF CLAUSES
If any part of these GTU is found to be void, invalid or unenforceable for any reason, the term or terms in question shall be declared non-existent and the remaining terms shall retain their full force and effect and continue to be enforceable. The terms declared non-existent would then be replaced by the terms that most closely resemble the content and meaning of the cancelled clause.
ARTICLE XX. CUSTOMER RELATIONS AND COMPLAINTS HANDLING
Bastion's customer service is available:
- Or by telephone on the following number: +33 6 44 60 70 30, open from Monday to Friday (excluding public holidays) from 8 a.m. to 10 p.m;
- Or by e-mail to the following address: firstname.lastname@example.org.
The service is available in English and French.
If the User is not satisfied following exchanges with Bastion's customer service, he/she may submit a complaint. The User must state the facts and provide the previous exchanges with customer service. Any complaint relating to the Services or to these GTU must be addressed by the User to Bastion, indicating "complaint" in the subject line, at the above-mentioned email address.
The customer service department undertakes to acknowledge receipt of any complaint submitted by the User within twenty-four (24) hours of its receipt.
Notwithstanding the above provisions, if the customer service department reasonably believes that it will not be able to give the User a response within twenty-four (24) hours, it will send a holding reply to the User clearly stating the additional time required to respond to the complaint and specifying the maximum date by which the User will receive a response to the complaint notified to Bastion.
ARTICLE XXI. APPLICABLE LAW AND JURISDICTION
These GTU - of which only the French language version shall prevail - and all matters relating thereto shall be governed by and construed in accordance with French law exclusively.
Unless otherwise stipulated, any dispute relating to the interpretation, validity and/or performance of these GTU, if not resolved amicably between the Parties, shall be subject to the exclusive jurisdiction of the courts attached to the Court of Appeal of Paris, including for procedures aimed at obtaining emergency or protective measures, in summary proceedings or on petition.
ARTICLE XXII. FINAL PROVISIONS
These GTU shall remain in full force and effect regardless of any changes that may be made to the structure and legal personality of Bastion, in particular in the event of a merger, takeover or split, whether or not a new legal entity is created.
Unless expressly provided otherwise, these GTU express the entirety of the agreements between the Parties relating to the Services. It cancels and replaces all other verbal or written agreements, of any nature whatsoever, which may have been previously made between them and relating to the same subject.