Privacy policy

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

Your Privacy Is Important to Us!

We, at Established., value your trust and confidence. This privacy statement is applicable to the information we collect on all our websites. We created this privacy statement to inform you of our global commitment to you.

Established. is committed to safeguarding privacy worldwide. An internal Data Control Organization of employees trained to personal data protection, is in place within Established., worldwide. All Established.’s subsidiaries are bound by an Intragroup contract to comply with the EU Regulation 2016/679 (General Data Protection Regulation – GDPR) and local regulations where relevant.

The following policy explains what personal information we may collect and how such information will be treated to meet the data protection standards and comply with the relevant laws. We are responsible as “controller” of that personal information for the purposes of those laws.


Key terms

We, us, our

Talisman Brands, Inc. d/b/a Established.

Personal information

Any information relating to an identified or identifiable individual


Provision of services by Established. and its subsidaries


The provision of the Services by Established. and its subsidiaries may require collecting some personal data. All information we collect is collected for a specific purpose and is necessary for this purpose and will not be used subsequently for another purpose. We don’t sell any personal data collected on our websites, and we explicitly forbid anyone to commercially use any personal data present on our websites.


Why and How do we collect personal data

To the extent Established. obtains possession of or collects any Personal Data, the relevant Personal Data shall be:

  • Processed fairly and lawfully.
  • Processed for specified purposes only.
  • Not kept longer than necessary.
  • Processed and held securely.
  • Adequate, relevant and not excessive.
  • Accurate and up to date

We may collect and use the following personal information that identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, consumer or household.
We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website and apps. However, we may also collect information from publicly accessible sources (e.g., property records), from a third party (e.g., sanctions screening providers, banking accounts, credit reporting agencies, or customer due diligence providers), or via our IT systems.

Under data protection law, we can only use your personal information if we have a proper reason for doing so, to comply with our legal and regulatory obligations, for the performance of our contract with you or to take steps at your request before entering into a contract, for our legitimate interests or those of a third party, or where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.


Lawful base

Personal data we may collect

Websites service

Legitimate Interest

Preferences cookies
Statistics cookies
Click stream


Legitimate Interest

Personal situation (address, personal phone)​
Marital situation​
Birth date
Fiscal situation​
HR payroll data ​
Recruitment contacts​
Personal Finance information​
Drug scan, criminal records​

Providing support on our products and/or services


User account (can be name based or ID number)​
Personal situation (address, personal phone)​


Legitimate interest

Marketing cookies
User account (can be name based or ID number)​
Personal situation (address, personal phone)​

Exercising your rights under any applicable law

Legal Obligation

User account (can be name based or ID number)​
Personal situation (address, personal phone)​


Legitimate interest

Strictly necessary cookies
Browsing information
Building exit/entry tracking data
Dataleak prevention​ data
Non-disclosure agreements


Sensitive Data

On a general basis Established. does not collect any sensitive data concerning you. Yet, depending on the definition used in regulations, some data considered as sensitive under certain regulation may be collected. For instance, we may collect birth date, or marital status for hiring purpose, while this information gives age, which is protected under CCPA. For security reason while hiring, we may collect criminal records in certain countries, while this is considered as sensitive under GDPR.


Keeping your information secure


Keeping the personal information, we collect about you secure is one of our most important responsibilities. We value your trust and handle personal information with care. Our employees access information about you for lawful purpose. We may also access information about you when responding to requests as required by law. This personal data is accessible on a need-to-know basis to the teams involved with the Services (marketing, IT, security, finance, and to any subcontractor working with those departments).

We safeguard information according to established security standards and procedures, and we continually assess new technology for protecting information. Our employees are trained to understand and comply with these information principles. Established. and its subsidiaries use reasonable administrative, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification.


How—and why—information is shared

Your information is collected and stored for a limited duration necessary for the purpose of the processing (please see subsequent). We limit who receives information and what type of information is shared. We share information to the extent it is necessary to process the information for its intended purpose.


Sharing information with companies that work for us.

To handle the support, for employment purposes or to assist us in offering you goods and services and our agreement with you, we may occasionally share information with companies that work for us, such as companies specialized in hiring, or maintenance services. In such case, Data Processing Agreements are in place with third parties (EC Standard Contractual Clauses – Controller to Processor)


Sharing information with others.

We may provide your personal data as required by law or legal process or accreditations or the audit of our accounts; to maintain our accreditations, to comply with our legal and regulatory obligations, to protect and defend the rights of Established. and its subsidiaries and under circumstances we believe reasonably necessary to protect the personal safety of users, Established., its subsidiaries, its sites, or the public.

Moreover, Established. and its subsidiaries use services provided by third parties such as share buttons on social networks (e.g. Twitter and Facebook). If you decide to log in your social network profile while you are visiting our site, some personal data from your social network account, which may contain personal data that is part of your profile or your friends’ profile, may be accessible. If you do not agree to this processing, we recommend you keep third-party cookies disabled and/or to disconnect from the social network before visiting our site(s).


How Long Your Personal Information Will Be Kept

We may keep your details on record for as long as is reasonably necessary for the purposes for which it may use your personal data, as set out above and as allowed in accordance with applicable data protection law.
The criteria we use to determine data retention periods for your personal data includes the following:

  • retention in case of queries – for example, where you contact us to receive further information about the way we handle your data;
  • retention for the period in which you might legally bring claims against us;
  • retention in accordance with legal, tax-related and regulatory requirements - after your agreement with us has come to an end; and
  • to stay in touch about your requirements on an ongoing basis, where you have selected to receive these.

Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving) and to defend ourselves against any claims.


Your rights and offering choices


You will be offered an opportunity to express your preference regarding the use and dissemination of information about you. That opportunity may be made available at the time you register on our web site, when you subscribe to our newsletters, or when you fill in a form (if one of those is applicable). While the specific preferences offered may vary from region to region across the world due to local law and/or practice, it is Established. and its subsidiaries’ goal to listen and honour our customers' preferences. Your continued trust and confidence depend upon it.


Your Rights Under the GDPR

You have the following rights under certain circumstances:

  • Right to object to processing (Art. 21 GDPR) - ask us to stop processing your information if the legal basis for this was our legitimate interest according to Art. 6 Para. 1 lit. f GDPR;
  • Right to restrict processing (Art. 18 GDPR) – limit our use or processing of your information;
  • Right to request correction (Art. 16 GDPR) - to make changes or corrections to your information to make sure it is accurate and up to date;
  • Right to request erasure (Art. 17 GPDR) – to ask us to delete your information (we are not obliged to do this in relation to information we need as part of our contractual relationship or for compliance with other laws, such as taxation or accounting laws);
  • Right to request access (Art. 15 GDPR) – receive a copy of the information we hold about you – you may request details of personal information which we hold about you at any time (a Data Subject Access Request or DSAR). No fee will be required, although reasonable fees can be charged for manifestly unfounded or excessive requests;
  • Right of portability (Art. 20 GDPR) - transfer your information to a third party; and to obtain it yourself
  • Where you have provided consent for data processing, you can withdraw this consent at any time (Art. 7 Para. 3 GDPR).


How To Exercise Your Rights?

To exercise any of the above rights, or any similar right that your local regulation may provide you with, please contact us following the contact instructions at the end of this Policy.
As a Data controller, we will confirm Data subject identity before fulfilling rights request. To do so, any request must:

  • Provide enough information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with enough detail that allows us to properly understand, evaluate, and respond to it.

We endeavour to respond within 30 days of receiving a verifiable request.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


Lead Supervisory Authority

You have the right to file a complaint about us with the relevant data protection authority:

  • The Lead Supervisory Authority as designed by Established. is the French Data Protection Authority: CNIL
  • Or the relevant authority in your country of work or residence.





Established. may use cookies on our web sites to ease your navigation and to analyse your use of the website. Each website should provide information to better understand how cookies work and how to use the available tools to configure them. 



We reserve the right to amend this Privacy Policy at our discretion and at any time. When we make changes to this Privacy Policy, we will post the updated policy on the Website and update its effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

  • Effective date: January 1st, 2020.
  • Last review: August 24th, 2022.





Requests to exercise your right under this Policy, or any questions regarding our Privacy Policy and practices can be addressed to our DPO:

22 rue du Chauchat


Security – Data Breach

Any suspicion of data breach or security issue can be reported:

  • By postal mail:

22 rue du Chauchat