ulation (EU) 2016/679, the General Data Protection Regulation (GDPR), which came into effect in May 2018.
At both Stone Island and Moncler a Data Protection Officer (DPO) has been designated, tasked with monitoring compliance with the GDPR and all laws and regulations on the protection of personal data. In addition, at Moncler the DPO also provides targeted advice to the company and employees on compliance with, and implementation of, the provisions and obligations arising from the GDPR.
In order to ensure structured and efficient management of privacy issues, Moncler and Stone Island have adopted internal procedures, tools and guidelines, including (i) the Data Protection Master Policy, which describes the rules and instructions for processing personal data and the applicable retention periods, while also defining and designating the people involved in that process, their roles and responsibilities; (ii) the record of personal data processing activities; (iii) the Data Protection Impact Assessment (DPIA); (iv) the procedure for the management of data breaches; and (v) the regulation on the use of IT tools by employees.
In addition, both Brands have set up email addresses, dpo@moncler.com and dpo@spwco.it, through which requests for information and clarification or possible privacy violations can be brought to the attention of the DPO; these work alongside the existing privacy@moncler.com and spwprivacy@spwco.it, which allow any party to contact the Company regarding privacy issues. As per regulation, the Group is legally obliged to notify clients of any data breach incidents involving their data and to undertake investigations into these situations.
During 2021, in particular, also in light of changes in the regulatory framework, the monitoring and updating of documentation and procedures continued in order to ensure ongoing alignment with the GDPR and local regulations in the countries where the Group companies operate. In addition, the audit activities carried out by external consultants on compliance with GDPR regulations also continued in Italy and in some European countries, concerning, among others, the methods of collection and management of client and employee data, including data relating to video surveillance activities.
Each year the Group provides training sessions to specific offices, and from 2021 video tutorials were launched for all employees on the main procedures of the GDPR and on the risks in the use of IT tools.
During 2021, at both Moncler and Stone Island, regular meetings between the DPO and the Privacy Committee, composed of liaison officers from the most involved departments, continued with the aim of providing updates on the subject and planning the activities necessary to ensure constant alignment of the Company's and Group's projects and activities with the regulatory requirements.
In December 2021 Moncler Group detected an unauthorised malware attack on its systems that resulted in the breach of personal data regarding employees, former employees, several suppliers, consultants and business partners, as well as clients recorded in its database. The Company's systems made it possible to promptly identify the attack and take the necessary actions to stop its spread and minimise its impacts. In addition, a team of cybersecurity experts and external experts was activated to deal with the situation.
The data breach was promptly reported to the Italian Data Protection Authority by Industries, by Moncler, as owner of some data affected by the breach, and by Stone Island, as owner of some data affected by the breach. In addition, where necessary, it was reported by the subsidiaries of Industries and belonging to the Moncler Group to the competent local authorities, as well as being reported to those affected by the incident.
In 2021 the Moncler Group was not notified of any complaints to the Italian Data Protection Authority pursuant to Article 77 of the GDPR. Following the report on the data breach provided to clients and employees, the Group received around 350 requests of various kinds through the official channels, including, for example, requests for deletion from the database pursuant to Article 17 of the GDPR, requests to exercise the right of access pursuant to Article 15 of the GDPR, and requests for further information on the management of data.
TAX POLICY
In administrative management and in drafting the Financial Statements and any other type of accounting documentation, Moncler complies with the applicable laws and regulations, adopts generally accepted accounting practices and standards, and is inspired by the principle of transparency in relations with stakeholders, including the tax authorities. It faithfully represents performance and significant events according to criteria of clarity, truthfulness and fairness, in accordance with internal procedures, as stated in the Brand's Code of Ethics. In this context, the Board of Directors plays a central role in the leadership and management of the Company and the Group according to the values of honesty and integrity and the principle of legality.
Moncler pays close attention to developments in legislation aimed at fighting tax avoidance and evasion at the national and international level. Furthermore, it has a tax strategy that governs how the Company manages this subject.
The Moncler brand has adopted a Tax Policy to ensure its compliance over time with the tax rules of the countries where it operates and to guarantee the financial and reputational integrity of all Group companies. It contains the following principles for the uniform handling of tax matters throughout the Group:
observe all the applicable laws, rules, regulations and disclosure requirements on tax matters in all the countries in which it operates
apply diligent professional care and judgment to reach well-reasoned conclusions, ensuring all decisions are taken at an appropriate level and supported with documentation that evidences the decision-making process
achieve certainty on tax positions adopted; where tax law is unclear or subject to interpretation, perform a robust risk assessment, supported by adequate advice, to ensure that the Group tax position adopted will be, more likely than not, settled in the Group's favour
develop and foster good working relationships with tax authorities, government bodies and other related third parties, and undertake all dealings with them in a professional, courteous and timely manner
be compliant with anti-bribery legislation
constantly interact with industry bodies or associations, governments, and other external bodies (e.g. OECD and the EU), where possible and appropriate, to shape future tax legislation and practice in ways that balance the Group's interest (e.g. consistency, stability, competitiveness) with those of the relevant authority or policy
do not make use of secrecy jurisdictions, tax havens, tax structures without commercial substance or low tax jurisdictions in order to obtain tax advantages, or tax structures intended for tax avoidance
comply with the Group Transfer Pricing Policy applicable world-wide on the basis of the principle of arm's length, or normal value, stated by OECD Guidelines.
Tax Policy Principles have been approved by the Board of Directors of Moncler.
In Moncler's organizational model, the Group Tax Department (GTD) is responsible, among other things, for developing the Group's tax strategy by identifying, analysing, and managing different optimization initiatives and monitoring the most relevant topics. Alongside the Group Tax Department, the Tax Affairs units of individual countries, acting in accordance with the values and principles defined by the Parent Company, are in charge of compliance management and tax planning and tax monitoring activities at the local level.
Moncler strengthened its internal tax risk control system, known as the Tax Control Framework (TCF), making it suitable to oversee the tax risk. The main objective of the Tax Control Framework is to provide Group companies with uniform, consistent guidance in adopting a proper and effective approach to tax risk management. Because they operate in different jurisdictions, the Group companies have to adopt the TCF in accordance with the specific business context and the domestic laws of their countries of reference. In keeping with the principles and guidelines