By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Terms & Services

The GCU below do not take precedence over the French GCU available on the French version of the website. Please consider reading them first.

 

1. Identification of the Company

Bastion Technologies (the"Company" or "Bastion Technologies") is asimplified joint-stock company, registered with the Nanterre Trade andCompanies Register under number 921 179 925, whose registered office is locatedat 65 rue de la Croix Nanterre, 92000.

Bastion Technologies canbe contacted at the following coordinates:

- e-mail address:contact@bastion.tech,

- Phone number +33 1 8948 02 97.

2. Services offered

Bastion Technologiespublishes a solution (the "Solution") intended for itscorporate customers (the "Customers") aimed at protectingagainst cybersecurity risks (the "Services").

3. Contractual documents

The contractualrelationship between the Client and Bastion Technologies is governed, indescending hierarchical order, by the following documents:

1. Function of the Termsand Conditions

The general terms andconditions (the "General Terms and Conditions") constitute thesole document governing Bastion Technologies' contractual relationship with theClient and define:

- the terms of use of itsServices,

- the respectiveobligations of the parties.

2. Location of Terms andConditions

The Client can find themvia a direct link at the bottom of the page of the Platform.

3. Terms and conditionsof acceptance of the General Terms and Conditions

The Client accepts theTerms and Conditions by ticking a box in the registration form. If he/she doesnot accept the Terms and Conditions in full, he/she may not access theServices.

They may be supplementedby specific conditions, which, in the event of contradiction, prevail over theGeneral Terms and Conditions.

4. Conditions of access to the Services

(i) The Client is alegal entity acting through a natural person with the power or authorityrequired to contract in the name of and on behalf of the Client.

(ii) The Client hasthe status of a professional, understood as any natural or legal personacting for purposes falling within the scope of his commercial, industrial,artisanal, liberal or agricultural activity, including when he acts in the nameor on behalf of another professional.

5. Terms and conditions of access and subscription to the Services

The Client can access theServices by going directly to the Platform.

To subscribe to theServices, the Client must contact the sales department at the e-mail address contact@bastion.tech or through the registration form available onthe website: https://app.bastion.tech/

The Client must provideBastion Technologies with all the information marked as mandatory It is markedwith an asterisk in the registration form.

Registrationautomatically results in the opening of an account in the name of the Customer(the "Account") which allows the Customer to access theServices using its login ID and password.

Once the Client's Accounthas been created, it may freely create access for users (the "Users")within the limit of the number provided for in the subscribed Services.

The Client is solelyresponsible for creating access for Users and for their personal use of thePlatform.

6. Description of the Services

6.1. The Services

The Client acknowledgesthat the implementation of the Services requires being connected to theinternet and that the quality of the Services depends on this connection, forwhich Bastion Technologies is not responsible.

The Services to which theClient has subscribed are described on the Site. Bastion Technologies offers:

- An audit of theCustomer's external surface to identify vulnerabilities and configurationissues resulting in an actionable remediation plan;

- Immediate detection ofdata leaks and dark web monitoring;

- Training for theClient's employees on cybersecurity (interactive chatbot, cyber maturity tests,automated reports, implementation of phishing scenarios, etc.);

- Real-time emailprotection via artificial intelligence technology;

- Web browsing security(proactive threat prevention, continuous monitoring of risky sites, etc.);

- Cloud applicationprotection, including continuous attack detection and instant remediation.

6.2. Additional services

6.2.1Maintenance

The Client benefits frommaintenance, including corrective and evolutionary maintenance, during theduration of the Services. In this context, access to the Platform may belimited or suspended.

Regarding correctivemaintenance, Bastion Technologies makes its best efforts to provide theCustomer with corrective maintenance in order to correct any malfunction or bugfound on the Platform.

Regarding evolutionarymaintenance, the Client benefits during the duration of the Services fromevolutionary maintenance, which Bastion Technologies may carry outautomatically and without prior information, and which includes improvements tothe functionalities of the Platform, the addition of new functionalities and/ortechnical installations used within the framework of the Platform (aimed atintroducing minor or major extensions).

Updates are madethroughout the term hereof.

By accepting these Terms,the Client agrees that the installation of the updates necessary for theServices to remain compliant, i.e. that the Services can continue to be used inaccordance with what has been agreed between the parties and what the Clientexpected from them when subscribing, will be automatic.

Access to the Platformmay also be limited or suspended for reasons of planned maintenance, which mayinclude the above-mentioned corrective and evolutionary maintenance operations.

6.2.2Accommodation

Bastion Technologiesensures, under the terms of an obligation of means, the hosting of thePlatform, as well as the data produced and/or entered by/on the Platform,through a professional hosting provider, and on servers located in a territoryof the European Union.

6.2.3Technical Assistance

In the event of anydifficulty encountered during the use of the Services, the Client may contactBastionTechnologies by chat on the Application or at the following address: support@bastion.tech

The technical assistanceservice is available from Monday to Friday, excluding non-working days orpublic holidays, from 9 a.m. to 6 p.m. Depending on the identified need,Bastion Technologies will estimate the response time and keep the Clientinformed.

7. Duration of subscription to the Services

Customer may choose toreceive a free 7-day trial of the Solution.

At the end of this trialor if the Customer does not wish to benefit from the said trial, the Customersubscribes to the Services in the form of an annual or monthly subscriptiondepending on the feature pack chosen (the "Subscription").

The Subscription beginson the day it is subscribed for an initial period indicated on the Platform.

The Subscription istacitly renewed, for successive periods of the same duration as the initialperiod (together with the initial period, the "Periods"), fromdate to date, unless the Subscription is terminated in the terms of the "Endof Services" article.

8. Financial conditions of Bastion Technologies

8.1. Prices of the Services

The prices of theServices to which the Client has subscribed are indicated on the Platform.

Any Period that has beencommenced is due in full.

Bastion Technologies'prices may be revised at any time under the conditions of the article "Modificationof the General Terms and Conditions".

8.2. Bastion Technologies' invoicing and payment terms

Bastion Technologiessends the Client an invoice per Period by any useful means.

Payment is made by directdebit when the Subscription is taken out, then at each renewal in the case ofan annual subscription or monthly from the date of subscription in the case ofa monthly subscription.

The Client guaranteesBastion Technologies that it has the necessary authorisations to use thispayment method.

8.3. Consequences in the event of late or non-payment

In the event of defaultor late payment, Bastion Technologies reserves the right, as of the day afterthe due date shown on the invoice, to:

- immediately suspend theServices in progress until the payment of all sums due,

- charge for its benefitlate payment interest equal to 3 times the legal interest rate, based on theamount of the sums not paid by the due date and a lump sum compensation of EUR40 in respect of recovery costs, without prejudice to additional compensationif the recovery costs actually incurred are higher than this amount,

- where applicable,pronounce the forfeiture of the term of all the sums owed to it by the Clientand their immediate exigibility.

9. Intellectual Property Rights

The Platform is theproperty of Bastion Technologies, as are the software, infrastructures,databases and content of all kinds (texts, images, visuals, music, logos,trademarks, etc.) that it operates. They are protected by all intellectualproperty rights or database producers' rights in force. The license thatBastion Technologies grants to the Client does not entail any transfer ofownership.

The Client, and theUsers, benefit from a non-exclusive and non-transferable SaaS license to usethe Platform for the period provided for in the article "Duration ofsubscription to the Services".

10. Commercial references

The parties may make useof their respective names, trademarks and logos and refer to their respectiveplatforms, as commercial references, for the duration of their contractualrelationship and 3 years thereafter.

11. Obligations and Liability of the Client

11.1. Regarding the provision of information

The Client undertakes toprovide Bastion Technologies with all the information necessary for thesubscription and use of the Services.

11.2. Regarding the Client's Account

The Client:

- guarantees that theinformation provided in the form is accurate and undertakes to update it,

- acknowledges that thisinformation is proof of his identity and is binding on him as soon as it isvalidated,

- is responsible formaintaining the confidentiality and security of its username and password. Anyaccess to the Platform using the latter is deemed to have been carried out byhim.

The Client mustimmediately contact BastionTechnologies at the contact details mentioned in thearticle "Identification of the Company" if he or she notices that hisAccount has been used without his or her knowledge. The Commission acknowledgesthat Bastion Technologies shall have the right to take all appropriate measuresin such a case.

The Client is solelyresponsible for creating access for Users.

11.3. Regarding the use of the Services

Customer is responsiblefor its use of the Services and any information it shares in connectiontherewith. It is also responsible for the use of the Services and anyinformation shared by Users. He undertakes that the Services will be usedexclusively by him and/or the Users, who are subject to the same obligations ashim in their use of the Services.

The Client shall refrainfrom misusing the Services for purposes other than those for which they weredesigned, and in particular to:

- carry out an illegal orfraudulent activity, as a reminder, the Client is solely responsible for theinformation entered in the Application, in particular in the case of externalscanning, he acknowledges that he has the authorisation to scan the infrastructuresthat he will enter in the Application,

- Violate public orderand morality,

- infringe third partiesor their rights in any way,

- violate a contractual,legislative or regulatory provision,

- carry out any activitylikely to interfere with the computer system of a third party, in particularfor the purpose of violating its integrity or security,

- carry out manoeuvresaimed at promoting its services and/or sites or those of a third party,

- Aiding or abetting athird party to commit one or more of the acts or activities listed above.

The Client alsoundertakes not to:

- copy, modify ormisappropriate any element belonging to Bastion Technologies or any conceptthat it exploits in the context of the Services,

- adopt any behaviourlikely to interfere with or hijack Bastion Technologies' computer systems orundermine its IT security measures,

- infringe the financial,commercial or moral rights and interests of BastionTechnologies,

- market, transfer orprovide access in any way to the Services, the information hosted on thePlatform or any element belonging to Bastion Technologies.

The Client indemnifiesBastion Technologies against any claim and/or action that may be broughtagainst it following the breach of any of the Client's obligations. The Clientshall indemnify Bastion Technologies for the damage suffered and shall reimburseit for any sums it may have to bear as a result.

12. Bastion Technologies' Obligations and Liability

Bastion Technologiesundertakes to provide the Services with diligence, it being specified that itis bound by an obligation of means.

As such, BastionTechnologies guarantees that it has all intellectual property rights on theSolution and the Services.

Any delay attributable tothe Client shall postpone the agreed delivery deadlines accordingly.

12.1. Regarding the quality of the Services

Bastion Technologiesmakes its best efforts to provide the Client with quality Services.

To this end, it regularlycarries out checks to verify the operation and accessibility of its Servicesand may thus carry out maintenance under the conditions specified in the "Maintenance"article.

Bastion Technologies isnevertheless not responsible for any temporary difficulties or impossibilitiesin accessing its Services which may arise from:

- circumstances externalto its network (and in particular the partial or total failure of the Client'sservers),

- the failure of anyequipment, cabling, services or networks not included in its Services or forwhich it is not responsible,

- the interruption of theServices by telecom operators or internet service providers,

- the Client'sintervention, in particular through a misconfiguration applied to the Services,

- a case of forcemajeure.

Bastion Technologies isresponsible for the operation of its servers, the outer limits of which are theconnection points.

Furthermore, it does notwarrant that the Services:

- subject to constantresearch to improve its performance and progress, will be completely free oferrors, defects or defects,

- being standard and inno way offered according to the Client's personal constraints, willspecifically meet his needs and expectations.

12.2. Regarding the Platform's service level guarantee

Bastion Technologies doesnot offer any guarantee of the level of service of the Platform.

However, BastionTechnologies makes its best efforts to maintain access to the Platform 24 hoursa day, 7 days a week, except in the event of planned maintenance under theconditions defined in the "Maintenance" article or force majeure.

12.3. Regarding the backup of data on the Platform

Bastion Technologiesmakes its best efforts to safeguard any data produced and/or entered by/on thePlatform.

Except in the case ofproven faults on the part of BastionTechnologies, it is nevertheless notresponsible for any loss of data during maintenance operations.

12.4. Regarding data storage and security

Bastion Technologiesprovides sufficient storage capacity for the operation of the Services.

Bastion Technologiesmakes its best efforts to ensure data security by implementing measures toprotect the infrastructure and the Platform, detect and prevent malicious actsand recover data

12.5. Concerning the use of subcontracting and assignment

Bastion Technologies mayuse subcontractors in the context of the performance of the Services, who aresubject to the same obligations as its own in the context of theirintervention. However, it remains solely responsible for the proper performanceof the Services with regard to the Client.

Bastion Technologies maysubstitute itself for any person who will be subrogated to all its rights andobligations under its contractual relationship with the Client. If necessary,it will inform the Client of this substitution by any written means.

13. Limitation of Bastion Technologies' Liability

Bastion Technologies'liability is limited to proven direct damage that the Client suffers as aresult of the use of the Services.

With the exception ofbodily injury, death and gross negligence, and subject to having issued a claimby registered letter with acknowledgement of receipt, within one month of theoccurrence of the damage, Bastion Technologies cannot be held liable for anamount greater than the amounts it has received in the context of the provisionof its Services.

14. Permissible Forms of Proof

Proof may be establishedby any means.

The Client is informedthat the messages exchanged through the Platform as well as the data collectedon the Platform and Bastion Technologies' computer equipment constitute one ofthe accepted methods of proof, in particular to demonstrate the reality of theServices provided and the calculation of their price.

15. Methods of processing personal data

15.1. General provisions

The parties undertake,each as far as it is concerned, to comply with all legal and regulatoryobligations incumbent on them with regard to the protection of personal data,in particular Law 78-17 of 6 January 1978 in its latest amended version knownas the Data Protection Act and Regulation EU2016/679 of the European Parliamentand of the Council of 27 April 2016 (together the "ApplicableRegulations").

To find out more aboutthe processing carried out by Bastion Technologies, the Client is invited toread Bastion Technologies' privacy policy available here:https://bastion.tech/fr/privacy-policy

15.2. Methods of processing personal data by Bastion Technologies as aprocessor

The purpose of thisclause is to set out the terms under which we undertake, on your behalf, theprocessing of personal data described below.

We mutually undertake,each as far as we are concerned, to comply with the regulations applicable topersonal data and in particular the General Data Protection Regulation (EURegulation 2016/679 of the European Parliament and of the Council of 27 April 2016)and the Data Protection Act of 6 January 1978 in its latest version in force(hereinafter referred to together as the " Applicable Regulations").

15.2.1.Description of the subcontracted processing

In the context of theServices, we are required to process personal data as a processor within themeaning of the applicable Regulations in your name and on your behalf. You areacting as a data controller within the meaning of the Applicable Regulations.The characteristics of the treatments are described below:

Purposes of theprocessing of personal data

Provision of the Servicesin accordance with these Terms and Conditions

Nature of processing operations

Any operation required toachieve the above-mentioned purposes, including collection, recording,organisation, storage, consultation, use, communication by transmission,anonymisation, erasure or destruction.

Type of personal dataprocessed

Identification data(surname, first name, photograph)

Contact details (emailaddresses, phone number)

Professional data (company, function)

Data related tocybersecurity risk training and awareness (history of training completed,history of chatbot conversations, reactions to a phishing campaign (emailignored, email opened, email reported, compromised credentials, etc.), passwordstrength, assessment of the level of awareness of cybersecurity risks

Connection and browsingdata (date and time of connection, IP address, location, terminal, browser,operating system)

Categories of datasubjects

Customer, employees,collaborators of the Customer

Duration of treatment

Duration of thecommercial relationship between Bastion Technologies and the Client.

15.2.2.Our obligations to you

- Data processing:

We undertake to processpersonal data only for the purposes listed in the table above and in accordancewith your documented instructions, including in relation to the transfer ofdata outside the European Union. We undertake to inform you if, in our opinion,an instruction constitutes a violation of the Applicable Regulations. Inaddition, if we are required to transfer data to a third country orinternational organization, under the law applicable to these Terms andConditions, we will inform you of this legal obligation prior to processing,unless the relevant law prohibits such information for important reasons ofpublic interest.

- Data security andprivacy:

We undertake to implementappropriate technical and organisational measures to ensure the security andintegrity of personal data, their safeguarding and the restoration of theiravailability in the event of a physical or technical incident. We also ensurethat those authorised to process personal data are subject to an obligation tokeep it confidential.

- Othersubcontractors:

We are entitled to usethe processors (hereinafter the "Sub-processor") listed in thetable below of the Terms and Conditions to carry out specific processingactivities. In the event of a change in the list of Authorized Subprocessors,we will notify you in advance and in writing. This information must clearlyindicate the subcontracted processing activities, the identity and contactdetails of the Sub-Processor. You have a period of 15 (fifteen) days from thedate of receipt of this information to submit your legitimate and reasonedobjections. If you do not notice objections after this period, you will bedeemed to have accepted the use of the Subprocessor.

The Subprocessor isrequired to comply with the obligations of these Terms and Conditions on yourbehalf and at your instructions. It is our responsibility to ensure that theSubprocessor provides the same sufficient guarantees as to the implementation ofappropriate technical and organisational measures so that the processing meetsthe requirements of the Applicable Regulations. If the Subprocessor fails tocomply with its data protection obligations, we remain liable to you for theperformance of the Subprocessor's obligations.

- Authorized subprocessors

Amazon Web:

  • Processed processing activity: Hosting of personal data
  • Localization of treatments: Ireland
  • Appropriate safeguards in place in case of data transfer outside the EU: N/A

Stripe:

  • Outsourced Processing Activity: Payment Service
  • Localization of treatments: Ireland
  • Appropriate safeguards in place in case of data transfer outside the EU: N/A

- Transfer of personaldata outside the European Union

We are entitled totransfer personal data processed under these Terms and Conditions to countriesoutside the European Union, subject to the implementation of appropriatesafeguards as defined in Chapter V of the aforementioned regulation.

- Assistance andProvision of Information:

We are committed toassisting you and responding as soon as possible to any request for informationsent to us by you, whether in the context of a request to exercise their rightsby data subjects, an impact assessment or a request submitted by the data protectionauthorities or your data protection officer.

- Notification ofpersonal data breaches:

We undertake to notifyyou of any personal data breach relating to the processing operations coveredby this Contract and to provide you with any useful information anddocumentation to enable you, if necessary, to notify the competent supervisoryauthority of this breach, as soon as possible after becoming aware of it.

- Data fate:

We will, at our option,delete personal data at the end of your use of the Services or return it to youand not keep a copy of it, unless required by the Applicable Regulations.

- Documentation:

We provide you, uponrequest, with all the information and documents necessary to demonstratecompliance with our obligations and to enable audits to be carried out. Youhave the opportunity to carry out audits once a year and at your own expense inorder to verify our compliance with the obligations set out in this articlerelating to personal data. You will notify us of the audit with a minimum oftwo (2) weeks' notice. We reserve the right to refuse the identity of theauditor retained if it belongs to a competing company. The audit will have tobe carried out during our working hours and in a way that disrupts our businessas little as possible. The audit may not in any way prejudice (i) our technicaland organizational security measures deployed, (ii) the security andconfidentiality of our other customers' data, (iii) or the proper functioningand organization of our production. To the extent possible, we will agree inadvance on the scope of the audit. The audit report should be sent to us sothat we can make any observations or remarks in writing, which will be annexedto the final version of the audit report. Each audit report will be consideredconfidential information.

- Your obligations :

You agree to:

(a) provide us with thepersonal data referred to in the article "Description of thesubcontracted processing" to the exclusion of any irrelevant,disproportionate or unnecessary personal data, and to the exclusion of any"special" data within the meaning of the Applicable Regulations,unless the processing justifies it, it being up to you to establish thesejustifications and take all measures,  inparticular prior information, collection of consent and security, appropriatefor such particular data;

(b) collect under yourresponsibility, in a lawful, fair and transparent manner, the personal datathat you provide to us, for the performance of the Services, and in particular,ensure that there is a legal basis for this collection and that the informationdue to the persons concerned is provided;

(c) keep a record ofprocessing and, more generally, comply with the principles of the ApplicableRegulations;

(d) ensure, prior to andthroughout the duration of the processing, compliance with the obligationsprovided for by the Applicable Regulations.

16. "Force majeure"

Bastion Technologiescannot be held liable for any breaches or delays in the performance of itscontractual obligations due to a case of force majeure occurring during theduration of its relationship with the Client, as defined in 1218 of the CivilCode.

If Bastion Technologiesis prevented from performing its obligations due to a case of force majeure, itmust inform the Client by registered letter with acknowledgement of receipt.The obligations are suspended upon receipt of the letter, and must be resumedwithin a reasonable period of time as soon as the case of force majeure ceases.

Bastion Technologiesnevertheless remains liable for the performance of obligations that are notaffected by a case of force majeure.

17. Termination of Services

The Subscription must beterminated no later than 30 days before the end of the current Period forAnnual Subscriptions and 14 days before the end of the current Period formonthly Subscriptions, by:

- The Client, by sendinga request to Bastion Technologies at the following email address:support@bastion.tech;

- Bastion Technologies,by sending an email to the Client.

Any Period that has beencommenced is due in full.

In the case of creditpurchased in advance and remaining, the excess will be refunded by banktransfer within 30 days.

The Client no longer hasaccess to his Account as of the end of the Services.

18. Penalties for non-compliance

Essential obligationstowards the Client (the "Essential Obligations") are:

- the payment of theprice,

- not to provideerroneous or incomplete information to Bastion Technologies,

- respect the usual rulesof politeness and courtesy in exchanges with Bastion Technologies,

- not to use the Servicesfor any third party,

- not to carry outillegal or fraudulent activities or activities that infringe the rights orsafety of third parties, breach public order or violate the laws andregulations in force.

In the event of a breachof any of these Essential Obligations, Bastion Technologies may:

- suspend or terminatethe Customer's access to the Services,

- publish on the Platformany information message that BastionTechnologies deems useful,

- to warn any competentauthority, to cooperate with it and to provide it with all information usefulfor the investigation and suppression of illegal or unlawful activities,

- take any legal action.

These sanctions arewithout prejudice to any damages that Bastion Technologies may claim from theClient.

In the event of a breachof any obligation other than an Essential Obligation, Bastion Technologies willrequest the Client by any useful written means to remedy the breach within amaximum period of 15 calendar days. The Services will end at the end of thisperiod if the breach is not rectified.

The termination of theServices results in the deletion of the Customer's Account.

19. Modification of the Terms and Conditions

Bastion Technologies maymodify its General Terms and Conditions at any time and will inform the Clientby any written means (and in particular by email) at least 30 calendar daysbefore they come into force.

The amended Terms andConditions are applicable upon renewal of the Customer's Subscription.

If the Client does notaccept these changes, it must terminate its Subscription in accordance with theterms and conditions set out in the "End of Services" article.

If Customer uses theServices after its amended Terms and Conditions have come into effect, BastionTechnologies shall consider Customer to have accepted them.

20. Language

The French languageprevails in the event of contradiction or dispute over the meaning of a term orprovision.

21. Applicable law and competent courts

The General Terms andConditions are governed by French law.

In the event of a disputebetween the Client and BastionTechnologies, and in the absence of an amicableagreement within 2 months of the first notification, it will be subject to theexclusive jurisdiction of the courts of Paris (France), unless otherwiseprovided.

Put your Cybersecurity on Autopilot
Bastion’s platform experience is designed by security and compliance experts so you don’t have to be one. Meet the cloud-based platform crafted with simplicity at heart and built to scale with your security, compliance, insurance and risk management needs.
Contact us ->
Based in Paris, France
26 rue de Montholon, 75009 Paris
SIREN 921179925
G2 badge: users love usG2 badge: high performerG2 badge: best support
Contact
© 2024 Bastion All rights reserved.
T&CPrivacy PolicyLegal Notice