By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Terms & Services

The GCU below do not take precedence over the French GCU available on the French version of the website. Please consider reading them first.

 

1. Identification of the Company

Bastion Technologies (the"Company" or "Bastion Technologies") is a simplified joint-stock company, registered with the Nanterre Trade and Companies Register under number 921 179 925, whose registered office is located at 65 rue de la Croix Nanterre, 92000.

Bastion Technologies can be contacted at the following coordinates:

- e-mail address:contact@bastion.tech,

- Phone number +33 1 8948 02 97.

2. Services offered

Bastion Technologies publishes a solution (the "Solution") intended for its corporate customers (the "Customers") aimed at protecting against cybersecurity risks (the "Services").

3. Contractual documents

The contractual relationship between the Client and Bastion Technologies is governed, in descending hierarchical order, by the following documents:

1. Function of the Terms and Conditions

The general terms and conditions (the "General Terms and Conditions") constitute the sole document governing Bastion Technologies' contractual relationship with theClient and define:

- the terms of use of itsServices,

- the respective obligations of the parties.

2. Location of Terms andConditions

The Client can find them via a direct link at the bottom of the page of the Platform.

3. Terms and conditions of acceptance of the General Terms and Conditions

The Client accepts theTerms and Conditions by ticking a box in the registration form. If he/she does not accept the Terms and Conditions in full, he/she may not access theServices.

They may be supplemented by specific conditions, which, in the event of contradiction, prevail over theGeneral Terms and Conditions.

4. Conditions of access to the Services

(i) The Client is a legal entity acting through a natural person with the power or authority required to contract in the name of and on behalf of the Client.

(ii) The Client has the status of a professional, understood as any natural or legal person acting for purposes falling within the scope of his commercial, industrial, artisanal, liberal or agricultural activity, including when he acts in the name or on behalf of another professional.

5. Terms and conditions of access and subscription to the Services

The Client can access theServices by going directly to the Platform.

To subscribe to theServices, the Client must contact the sales department at the e-mail address contact@bastion.tech or through the registration form available on the website: https://app.bastion.tech/

The Client must provideBastion Technologies with all the information marked as mandatory It is markedwith an asterisk in the registration form.

Registration automatically results in the opening of an account in the name of the Customer (the "Account") which allows the Customer to access theServices using its login ID and password.

Once the Client's Account has been created, it may freely create access for users (the "Users")within the limit of the number provided for in the subscribed Services.

The Client is solely responsible for creating access for Users and for their personal use of thePlatform.

6. Description of the Services

6.1. The Services

The Client acknowledges that the implementation of the Services requires being connected to the internet and that the quality of the Services depends on this connection, for which Bastion Technologies is not responsible.

The Services to which theClient has subscribed are described on the Site. Bastion Technologies offers:

- An audit of theCustomer's external surface to identify vulnerabilities and configuration issues resulting in an actionable remediation plan;

- Immediate detection of data leaks and dark web monitoring;

- Training for theClient's employees on cybersecurity (interactive chatbot, cyber maturity tests,automated reports, implementation of phishing scenarios, etc.);

- Real-time email protection via artificial intelligence technology;

- Web browsing security(proactive threat prevention, continuous monitoring of risky sites, etc.);

- Cloud application protection, including continuous attack detection and instant remediation.

6.2. Additional services

6.2.1Maintenance

The Client benefits from maintenance, including corrective and evolutionary maintenance, during the duration of the Services. In this context, access to the Platform may be limited or suspended.

Regarding corrective maintenance, Bastion Technologies makes its best efforts to provide theCustomer with corrective maintenance in order to correct any malfunction or bug found on the Platform.

Regarding evolutionary maintenance, the Client benefits during the duration of the Services from evolutionary maintenance, which Bastion Technologies may carry out automatically and without prior information, and which includes improvements to the functionalities of the Platform, the addition of new functionalities and/or technical installations used within the framework of the Platform (aimed at introducing minor or major extensions).

Updates are made throughout the term hereof.

By accepting these Terms, the Client agrees that the installation of the updates necessary for theServices to remain compliant, i.e. that the Services can continue to be used in accordance with what has been agreed between the parties and what the Client expected from them when subscribing, will be automatic.

Access to the Platform may also be limited or suspended for reasons of planned maintenance, which may include the above-mentioned corrective and evolutionary maintenance operations.

6.2.2Accommodation

Bastion Technologies ensures, under the terms of an obligation of means, the hosting of thePlatform, as well as the data produced and/or entered by/on the Platform, through a professional hosting provider, and on servers located in a territory of the European Union.

6.2.3Technical Assistance

In the event of any difficulty encountered during the use of the Services, the Client may contactBastionTechnologies by chat on the Application or at the following address: support@bastion.tech

The technical assistance service is available from Monday to Friday, excluding non-working days or public holidays, from 9 a.m. to 6 p.m. Depending on the identified need,Bastion Technologies will estimate the response time and keep the Client informed.

7. Duration of subscription to the Services

The Customer subscribes to the Services in the form of an annual or monthly subscription depending on the feature pack chosen (the "Subscription").

The Subscription begins on the day it is subscribed for an initial period indicated on the Platform.

The Subscription is tacitly renewed, for successive periods of the same duration as the initial period (together with the initial period, the "Periods"), from date to date, unless the Subscription is terminated in the terms of the "End of Services" article.

8. Financial conditions of Bastion Technologies

8.1. Prices of the Services

The prices of theServices to which the Client has subscribed are indicated on the Platform.

Any Period that has been commenced is due in full.

Bastion Technologies' prices may be revised at any time under the conditions of the article "Modification of the General Terms and Conditions".

8.2. Bastion Technologies' invoicing and payment terms

Bastion Technologies sends the Client an invoice per Period by any useful means.

Payment is made by direct debit when the Subscription is taken out, then at each renewal in the case of an annual subscription or monthly from the date of subscription in the case of a monthly subscription.

The Client guaranteesBastion Technologies that it has the necessary authorisations to use this payment method.

8.3. Consequences in the event of late or non-payment

In the event of default or late payment, Bastion Technologies reserves the right, as of the day after the due date shown on the invoice, to:

- immediately suspend theServices in progress until the payment of all sums due,

- charge for its benefit late payment interest equal to 3 times the legal interest rate, based on the amount of the sums not paid by the due date and a lump sum compensation of EUR40 in respect of recovery costs, without prejudice to additional compensation if the recovery costs actually incurred are higher than this amount,

- where applicable, pronounce the forfeiture of the term of all the sums owed to it by the Client and their immediate exigibility.

9. Intellectual Property Rights

The Platform is the property of Bastion Technologies, as are the software, infrastructures ,databases and content of all kinds (texts, images, visuals, music, logos, trademarks, etc.) that it operates. They are protected by all intellectual property rights or database producers' rights in force. The license thatBastion Technologies grants to the Client does not entail any transfer of ownership.

The Client, and theUsers, benefit from a non-exclusive and non-transferable SaaS license to use the Platform for the period provided for in the article "Duration of subscription to the Services".

10. Commercial references

The parties may make use of their respective names, trademarks and logos and refer to their respective platforms, as commercial references, for the duration of their contractual relationship and 3 years thereafter.

11. Obligations and Liability of the Client

11.1. Regarding the provision of information

The Client undertakes to provide Bastion Technologies with all the information necessary for the subscription and use of the Services.

11.2. Regarding the Client's Account

The Client:

- guarantees that the information provided in the form is accurate and undertakes to update it,

- acknowledges that this information is proof of his identity and is binding on him as soon as it is validated,

- is responsible for maintaining the confidentiality and security of its username and password. Any access to the Platform using the latter is deemed to have been carried out by him.

The Client must immediately contact BastionTechnologies at the contact details mentioned in the article "Identification of the Company" if he or she notices that hisAccount has been used without his or her knowledge. The Commission acknowledges that Bastion Technologies shall have the right to take all appropriate measures in such a case.

The Client is solely responsible for creating access for Users.

11.3. Regarding the use of the Services

Customer is responsible for its use of the Services and any information it shares in connection there with. It is also responsible for the use of the Services and any information shared by Users. He undertakes that the Services will be used exclusively by him and/or the Users, who are subject to the same obligations as him in their use of the Services.

The Client shall refrain from misusing the Services for purposes other than those for which they were designed, and in particular to:

- carry out an illegal or fraudulent activity, as a reminder, the Client is solely responsible for the information entered in the Application, in particular in the case of external scanning, he acknowledges that he has the authorisation to scan the infrastructures that he will enter in the Application,

- Violate public orderand morality,

- infringe third parties or their rights in any way,

- violate a contractual, legislative or regulatory provision,

- carry out any activity likely to interfere with the computer system of a third party, in particular for the purpose of violating its integrity or security,

- carry out manoeuvres aimed at promoting its services and/or sites or those of a third party,

- Aiding or abetting a third party to commit one or more of the acts or activities listed above.

The Client also undertakes not to:

- copy, modify or misappropriate any element belonging to Bastion Technologies or any concept that it exploits in the context of the Services,

- adopt any behaviour likely to interfere with or hijack Bastion Technologies' computer systems or undermine its IT security measures,

- infringe the financial, commercial or moral rights and interests of BastionTechnologies,

- market, transfer or provide access in any way to the Services, the information hosted on thePlatform or any element belonging to Bastion Technologies.

The Client indemnifiesBastion Technologies against any claim and/or action that may be brought against it following the breach of any of the Client's obligations. The Clientshall indemnify Bastion Technologies for the damage suffered and shall reimburse it for any sums it may have to bear as a result.

12. Bastion Technologies' Obligations and Liability

Bastion Technologiesundertakes to provide the Services with diligence, it being specified that itis bound by an obligation of means.

As such, BastionTechnologies guarantees that it has all intellectual property rights on theSolution and the Services.

Any delay attributable tothe Client shall postpone the agreed delivery deadlines accordingly.

12.1. Regarding the quality of the Services

Bastion Technologies makes its best efforts to provide the Client with quality Services.

To this end, it regularly carries out checks to verify the operation and accessibility of its Services and may thus carry out maintenance under the conditions specified in the "Maintenance"article.

Bastion Technologies is nevertheless not responsible for any temporary difficulties or impossibilities in accessing its Services which may arise from:

- circumstances external to its network (and in particular the partial or total failure of the Client's servers),

- the failure of any equipment, cabling, services or networks not included in its Services or forwhich it is not responsible,

- the interruption of theServices by telecom operators or internet service providers,

- the Client's intervention, in particular through a misconfiguration applied to the Services,

- a case of force majeure.

Bastion Technologies is responsible for the operation of its servers, the outer limits of which are the connection points.

Furthermore, it does not warrant that the Services:

- subject to constant research to improve its performance and progress, will be completely free of errors, defects or defects,

- being standard and in no way offered according to the Client's personal constraints, will specifically meet his needs and expectations.

12.2. Regarding the Platform's service level guarantee

Bastion Technologies does not offer any guarantee of the level of service of the Platform.

However, BastionTechnologies makes its best efforts to maintain access to the Platform 24 hours a day, 7 days a week, except in the event of planned maintenance under the conditions defined in the "Maintenance" article or force majeure.

12.3. Regarding the backup of data on the Platform

Bastion Technologies makes its best efforts to safeguard any data produced and/or entered by/on thePlatform.

Except in the case of proven faults on the part of BastionTechnologies, it is nevertheless not responsible for any loss of data during maintenance operations.

12.4. Regarding data storage and security

Bastion Technologies provides sufficient storage capacity for the operation of the Services.

Bastion Technologies makes its best efforts to ensure data security by implementing measures to protect the infrastructure and the Platform, detect and prevent malicious acts and recover data

12.5. Concerning the use of subcontracting and assignment

Bastion Technologies may use subcontractors in the context of the performance of the Services, who are subject to the same obligations as its own in the context of their intervention. However, it remains solely responsible for the proper performance of the Services with regard to the Client.

Bastion Technologies may substitute itself for any person who will be subrogated to all its rights and obligations under its contractual relationship with the Client. If necessary, it will inform the Client of this substitution by any written means.

13. Limitation of Bastion Technologies' Liability

Bastion Technologies 'liability is limited to proven direct damage that the Client suffers as a result of the use of the Services.

With the exception of bodily injury, death and gross negligence, and subject to having issued a claimby registered letter with acknowledgement of receipt, within one month of the occurrence of the damage, Bastion Technologies cannot be held liable for anamount greater than the amounts it has received in the context of the provision of its Services.

14. Permissible Forms of Proof

Proof may be established by any means.

The Client is informed that the messages exchanged through the Platform as well as the data collected on the Platform and Bastion Technologies' computer equipment constitute one of the accepted methods of proof, in particular to demonstrate the reality of theServices provided and the calculation of their price.

15. Methods of processing personal data

15.1. General provisions

The parties undertake, each as far as it is concerned, to comply with all legal and regulatoryobligations incumbent on them with regard to the protection of personal data, in particular Law 78-17 of 6 January 1978 in its latest amended version knownas the Data Protection Act and Regulation EU2016/679 of the European Parliament and of the Council of 27 April 2016 (together the "ApplicableRegulations").

To find out more aboutthe processing carried out by Bastion Technologies, the Client is invited to read Bastion Technologies' privacy policy available here:https://bastion.tech/fr/privacy-policy

15.2. Methods of processing personal data by Bastion Technologies as a processor

The purpose of this clause is to set out the terms under which we undertake, on your behalf, the processing of personal data described below.

We mutually undertake, each as far as we are concerned, to comply with the regulations applicable to personal data and in particular the General Data Protection Regulation (EURegulation 2016/679 of the European Parliament and of the Council of 27 April 2016)and the Data Protection Act of 6 January 1978 in its latest version in force(hereinafter referred to together as the " Applicable Regulations").

15.2.1.Description of the subcontracted processing

In the context of theServices, we are required to process personal data as a processor within the meaning of the applicable Regulations in your name and on your behalf. You are acting as a data controller within the meaning of the Applicable Regulations.The characteristics of the treatments are described below:

Purposes of the processing of personal data

Provision of the Services in accordance with these Terms and Conditions

Nature of processing operations

Any operation required to achieve the above-mentioned purposes, including collection, recording, organisation, storage, consultation, use, communication by transmission, anonymisation, erasure or destruction.

Type of personal data processed

Identification data(surname, first name, photograph)

Contact details (email addresses, phone number)

Professional data (company, function)

Data related to cybersecurity risk training and awareness (history of training completed, history of chatbot conversations, reactions to a phishing campaign (email ignored, email opened, email reported, compromised credentials, etc.), password strength, assessment of the level of awareness of cybersecurity risks

Connection and browsing data (date and time of connection, IP address, location, terminal, browser,operating system)

Categories of data subjects

Customer, employees, collaborators of the Customer

Duration of treatment

Duration of the commercial relationship between Bastion Technologies and the Client.

15.2.2.Our obligations to you

- Data processing:

We undertake to process personal data only for the purposes listed in the table above and in accordance with your documented instructions, including in relation to the transfer of data outside the European Union. We undertake to inform you if, in our opinion, an instruction constitutes a violation of the Applicable Regulations. In addition, if we are required to transfer data to a third country or international organization, under the law applicable to these Terms andConditions, we will inform you of this legal obligation prior to processing, unless the relevant law prohibits such information for important reasons of public interest.

- Data security and privacy:

We undertake to implement appropriate technical and organisational measures to ensure the security and integrity of personal data, their safeguarding and the restoration of their availability in the event of a physical or technical incident. We also ensure that those authorised to process personal data are subject to an obligation to keep it confidential.

- Other subcontractors:

We are entitled to use the processors (hereinafter the "Sub-processor") listed in the table below of the Terms and Conditions to carry out specific processing activities. In the event of a change in the list of Authorized Subprocessors, we will notify you in advance and in writing. This information must clearly indicate the subcontracted processing activities, the identity and contact details of the Sub-Processor. You have a period of 15 (fifteen) days from the date of receipt of this information to submit your legitimate and reasoned objections. If you do not notice objections after this period, you will be deemed to have accepted the use of the Subprocessor.

The Subprocessor is required to comply with the obligations of these Terms and Conditions on your behalf and at your instructions. It is our responsibility to ensure that the Subprocessor provides the same sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the processing meets the requirements of the Applicable Regulations. If the Subprocessor fails to comply with its data protection obligations, we remain liable to you for the performance of the Subprocessor's obligations.

- Authorized subprocessors

Amazon Web:

  • Processed processing activity: Hosting of personal data
  • Localization of treatments: Ireland
  • Appropriate safeguards in place in case of data transfer outside the EU: N/A

Stripe:

  • Outsourced Processing Activity: Payment Service
  • Localization of treatments: Ireland
  • Appropriate safeguards in place in case of data transfer outside the EU: N/A

- Transfer of personal data outside the European Union

We are entitled to transfer personal data processed under these Terms and Conditions to countries outside the European Union, subject to the implementation of appropriate safeguards as defined in Chapter V of the aforementioned regulation.

- Assistance andProvision of Information:

We are committed to assisting you and responding as soon as possible to any request for information sent to us by you, whether in the context of a request to exercise their rights by data subjects, an impact assessment or a request submitted by the data protection authorities or your data protection officer.

- Notification of personal data breaches:

We undertake to notify you of any personal data breach relating to the processing operations covered by this Contract and to provide you with any useful information and documentation to enable you, if necessary, to notify the competent supervisory authority of this breach, as soon as possible after becoming aware of it.

- Data fate:

We will, at our option, delete personal data at the end of your use of the Services or return it to youand not keep a copy of it, unless required by the Applicable Regulations.

- Documentation:

We provide you, upon request, with all the information and documents necessary to demonstrate compliance with our obligations and to enable audits to be carried out. You have the opportunity to carry out audits once a year and at your own expense in order to verify our compliance with the obligations set out in this article relating to personal data. You will notify us of the audit with a minimum of two (2) weeks' notice. We reserve the right to refuse the identity of the auditor retained if it belongs to a competing company. The audit will have to be carried out during our working hours and in a way that disrupts our business as little as possible. The audit may not in any way prejudice (i) our technical and organizational security measures deployed, (ii) the security and confidentiality of our other customers' data, (iii) or the proper functioning and organization of our production. To the extent possible, we will agree in advance on the scope of the audit. The audit report should be sent to us so that we can make any observations or remarks in writing, which will be annexed to the final version of the audit report. Each audit report will be considered confidential information.

- Your obligations :

You agree to:

(a) provide us with the personal data referred to in the article "Description of the subcontracted processing" to the exclusion of any irrelevant, disproportionate or unnecessary personal data, and to the exclusion of any"special" data within the meaning of the Applicable Regulations, unless the processing justifies it, it being up to you to establish these justifications and take all measures,  in particular prior information, collection of consent and security, appropriate for such particular data;

(b) collect under your responsibility, in a lawful, fair and transparent manner, the personal data that you provide to us, for the performance of the Services, and in particular, ensure that there is a legal basis for this collection and that the information due to the persons concerned is provided;

(c) keep a record of processing and, more generally, comply with the principles of the ApplicableRegulations;

(d) ensure, prior to and throughout the duration of the processing, compliance with the obligations provided for by the Applicable Regulations.

16. "Force majeure"

Bastion Technologies cannot be held liable for any breaches or delays in the performance of its contractual obligations due to a case of force majeure occurring during the duration of its relationship with the Client, as defined in 1218 of the CivilCode.

If Bastion Technologies is prevented from performing its obligations due to a case of force majeure, it must inform the Client by registered letter with acknowledgement of receipt.The obligations are suspended upon receipt of the letter, and must be resumed within a reasonable period of time as soon as the case of force majeure ceases.

Bastion Technologies nevertheless remains liable for the performance of obligations that are not affected by a case of force majeure.

17. Termination of Services

The Subscription must be terminated no later than 30 days before the end of the current Period forAnnual Subscriptions and 14 days before the end of the current Period for monthly Subscriptions, by:

- The Client, by sending a request to Bastion Technologies at the following email address:support@bastion.tech;

- Bastion Technologies, by sending an email to the Client.

Any Period that has been commenced is due in full.

In the case of credit purchased in advance and remaining, the excess will be refunded by banktransfer within 30 days.

The Client no longer has access to his Account as of the end of the Services.

18. Penalties for non-compliance

Essential obligations towards the Client (the "Essential Obligations") are:

- the payment of the price,

- not to provide erroneous or incomplete information to Bastion Technologies,

- respect the usual rules of politeness and courtesy in exchanges with Bastion Technologies,

- not to use the Services for any third party,

- not to carry out illegal or fraudulent activities or activities that infringe the rights or safety of third parties, breach public order or violate the laws and regulations in force.

In the event of a breach of any of these Essential Obligations, Bastion Technologies may:

- suspend or terminate the Customer's access to the Services,

- publish on the Platform any information message that BastionTechnologies deems useful,

- to warn any competent authority, to cooperate with it and to provide it with all information useful for the investigation and suppression of illegal or unlawful activities,

- take any legal action.

These sanctions are without prejudice to any damages that Bastion Technologies may claim from theClient.

In the event of a breach of any obligation other than an Essential Obligation, Bastion Technologies will request the Client by any useful written means to remedy the breach within a maximum period of 15 calendar days. The Services will end at the end of this period if the breach is not rectified.

The termination of theServices results in the deletion of the Customer's Account.

19. Modification of the Terms and Conditions

Bastion Technologies may modify its General Terms and Conditions at any time and will inform the Client by any written means (and in particular by email) at least 30 calendar days before they come into force.

The amended Terms andConditions are applicable upon renewal of the Customer's Subscription.

If the Client does not accept these changes, it must terminate its Subscription in accordance with the terms and conditions set out in the "End of Services" article.

If Customer uses theServices after its amended Terms and Conditions have come into effect, BastionTechnologies shall consider Customer to have accepted them.

20. Language

The French language prevails in the event of contradiction or dispute over the meaning of a term or provision.

21. Applicable law and competent courts

The General Terms andConditions are governed by French law.

In the event of a dispute between the Client and BastionTechnologies, and in the absence of an amicable agreement within 2 months of the first notification, it will be subject to the exclusive jurisdiction of the courts of Paris (France), unless otherwise provided.

Put your Cybersecurity on Autopilot
Bastion’s platform experience is designed by security and compliance experts so you don’t have to be one. Meet the cloud-based platform crafted with simplicity at heart and built to scale with your security and compliance needs.
Contact us ->
Contact
© 2024 Bastion All rights reserved.
T&CPrivacy PolicyLegal Notice