| ’Moncler Group | Annual Report 2024 Board of Directors’ Report 276

[S4–4] Taking action on material impacts on consumers

and end-users, and approaches to managing material

risks and pursuing material opportunities related

to consumers and end-users, and effectiveness of

those actions

Data management and protection

The protection and proper processing of personal data is an

important area for the Moncler Group, gaining increasing

importance over the years.

To ensure compliance with personal data protection regulations,

such as EU Regulation 2016/679, the General Data Protection

Regulation (GDPR), in Europe and equivalent regulations in other

areas of the world, the Group adopts a structured approach that

includes procedures, described above, and dedicated measures.

This approach applies not only to the management of client data,

but also to that of employees, suppliers and other stakeholders.

Moncler and Stone Island have appointed a Data Protection

Of f icer (DPO) who is responsible for monitoring the compliance

of their respective companies with the GDPR and all legal and

regulatory provisions relating to the protection of personal data,

as well as providing the companies and employees with the necessary

support regarding the protection of personal data. Furthermore,

the Group has designated a DPO for its German subsidiaries and

a dedicated of f icer has been appointed for privacy and cybersecurity

in China, in accordance with local law.

The privacy governance system adopted by Moncler includes

the Privacy Committee, established in June 2019, which is

responsible for ensuring proper coordination and exchange of

information between the companies and the DPO, in order

to obtain the necessary support and monitor and implement

regulatory adjustment in business processes. The Privacy

Committee, which meets every one or two months, is composed

of the General Counsel, the Head of Corporate Af fairs &

Compliance and the heads of the functions designated as Privacy

Representatives for the areas of Information Technology, Customer

Relationship Management (CRM), People & Organisation

and

Video Surveillance, as well as other colleagues from the Legal,

Compliance and Digital departments At Stone Island there

is a privacy of f ice which in coordination with Moncler monitors

and manages all privacy issues

Monclers Data Protection Of f icer provides periodic updates

on privacyrelated issues to the Control Risks and Sustainability

Committee which then informs the Board of Directors

Similarly the Worldwide Information Technology Transformation

Function provides periodic updates on cybersecurity issues

a topic on which the Group is constantly working to mitigate the

potential risks related to any operational interruptions caused

by cyberattacks with the aim of ensuring business

continuity

and information protection

During 2024 regular meetings took place and also in light of

changes that occurred in the legislative and regulatory framework

the activity of monitoring and updating the documentation and

procedures continued, in order to ensure an ongoing alignment with

the GDPR and local regulations in the countries where the Group

companies operate, including the applicable privacy laws in China

(e.g. the China Personal Information Protection Law — PIPL).

The Group’s Internal Audit Function continued to conduct

privacy audits during 2024, also with the support of external

consultants. In particular, an audit was carried out on the level of

compliance with the regulations on the protection of personal data

in China, with related follow-up activities with the functions involved.

Any violations of procedures implemented by Moncler and

Stone Island under the GDPR by employees are addressed by the

Group’s disciplinary system. To date, no disciplinary proceedings

have been initiated for such breaches.

In 2024, Moncler received about 1,367 requests of various

kinds through the of f icial channels, including requests for deletion

from the database pursuant to Article 17 of the GDPR, requests

for access rights pursuant to Article 15 of the GDPR, and inquiries

about data management. As for Stone Island, about 156 requests

were received through of f icial channels in 2024.

In 2024, the Moncler Group was not notif ied of any complaints

by the Italian Data Protection Authority pursuant to Article 77 of

the GDPR.

Finally, employee training on the main provisions of the GDPR

continued via e-learning and the training programme on privacy

legislation applicable in China was def ined.

Product compliance

To mitigate the theoretical risk of potential non-compliance

with the applicable regulations that def ine the products compliance

intended for sale in the selling country/State, particularly

concerning the use of potentially harmful chemical substances,

the Group has adopted an integrated approach that includes

the monitoring of raw materials and production processes close

collaboration with suppliers and updating its standards to meet

regulatory developments

For the Moncler Group quality in a holistic sense has always

been and will continue to be a priority From the early stages of

design and selection of raw materials compliance with applicable

laws and corporate quality standards is absolute priorities for

the Group The quality of the down nylon and cotton as well as

the other raw materials used to produce both Brands garments

is combined with ongoing research and experimentation to

achieve an excellent f inal product To achieve these standards

the Group carefully selects its suppliers and submits the raw

materials to strict sampling plans that include checks of composition

,

.

“–”

,(..,,.)

,;,

,

,,,,

,,.,

,

-

.

,

,,,

,

,

/.

.,

(),

/.

,%

.

,’

,

,-

.

,,

,,,

’.

,

,

:

,

,.

,

--.