LEGAL

Privacy Policy

Terms and Conditions of Use

Terms and Conditions of Sale

Return Policy

Cookie Policy

Terms and Conditions of Use

Terms and Conditions of Sale

Return Policy

Cookie Policy

Moncler Korea Privacy Policy

Welcome to the website www.moncler.com.

Moncler Korea Inc. (hereinafter also referred to as “Moncler” or “we”), a member of the Moncler Group, provides the following information regarding the collection and processing of users’ personal data. During the use of the website or its services (hereinafter, the “Website” and the “Services”), information and personal data relating to users of the Website may be collected.

Moncler processes personal data lawfully and securely in compliance with the Personal Information Protection Act of Korea (the “PIPA”) and other applicable laws and regulations, in order to protect the rights and freedoms of data subjects. In accordance with Article 30 of the PIPA, this Privacy Policy is established and disclosed to inform data subjects of the procedures and standards for the processing and protection of personal data, and to ensure that any related complaints or inquiries may be handled promptly and efficiently.

[Table of Contents]

1. Categories of Personal Data Processed / Purposes of Processing / Retention and Use Periods	2. Procedures and Methods for the Storage and Destruction of Personal Data
3. Provision of Personal Data to Third Parties	4. Outsourcing of Personal Data Processing
5. Cross-border Transfer of Personal Data	6. Methods of Personal Data Processing and Storage / Measures to Ensure Data Security
7. Possibility of Disclosure of Sensitive Information and Options to Restrict Disclosure	8. Installation, Operation, and Refusal of Automatic Personal Data Collection Devices
9. Rights of the Data Subject and How to Exercise Them	10. Chief Privacy Officer / Personal Data Protection DepartmentChief Privacy Officer / Personal Data Protection Department
11. Remedies for Infringement of Data Subject Rights	12. Processing of Pseudonymized Data
13. Changes to the Privacy Policy

1.Categories of Personal Data Processed / Purposes of Processing / Retention and Use Periods

(1) Moncler collects and uses personal data, in accordance with the PIPA, only to the minimum extent necessary for the provision of the Services.

1.1 Categories of Personal Data Processed Without the Consent of the Data Subject

We process the following categories of personal data without obtaining the consent of the data subject. Personal data may be deleted earlier depending on the applicable contractual terms or upon a request for deletion by the data subject. However, personal data may be retained for a longer period where such retention is necessary to comply with legal obligations, or to establish, exercise, or defend legal claims, or where otherwise permitted under applicable laws and regulations.

Legal basis		Purpose of Collection and Use	Categories of Processed Items	Processing and Use Period
Article 15(1)(2) of the PIPA (Special provisions exists in law / fulfillment of obligations under law)	Article 85-3 of the National Taxation Act	Compliance with document storage obligations under the National Taxation Act	Tax bills and receipts, documents for external audits and tax examinations	5 Years
	Article 33 of the Commercial Code	Compliance with document retention obligations under the Commercial Code	Information contained in commercial books, important documents/slips on business, or similar documents	10 Years / 5 years
	Article 15-2 of the Communications Secrets Protection Act	Compliance with the obligation to preserve communication fact verification data under the Communications Secrets Protection Act	Website visit history and IP address	3 Months
	Article 6 of the Act on Consumer Protection in Electronic Commerce, etc.	Compliance with the obligation to preserve transaction records under the E-Commerce Act	Records on display, advertisement	6 Months
			Records on contract or withdrawal of subscription, payment and supply of goods, etc.	5 Years
			Records on consumer complaints or dispute handling	3 Years
Article 15(1)(4) of the PIPA (Contract conclusion and execution) / Article 15(1)(6) of the PIPA (Legitimate interests)		(A) User account creation For the purpose of user registration and authentication for account access	Name, email address, password, birthday (if applicable)	10 years from the time of initial collection [This retention period is based on the retention policy commonly applied within the Moncler Group and represents the minimum retention period set as a global standard, taking into account regulatory environments and requirements across jurisdictions.]
		(B) To respond to your queries or feedback To process your requests submitted via our online forms, chat, phone (00852800969300), email (client.service_kr@moncler.com or privacy@moncler.co.kr), or email (client.service_kr@moncler.com or privacy@moncler.co.kr)	Name, contact details (email or phone number), content of your query or feedback
		(C) To provide and administer the Services through the Website This purpose includes registration, service updates, and participation in website-based events or features	Record account information, order history, and interactions
		(D) Manage sales and after-sales service To manage our sales, invoicing, customer support and customer satisfaction management (CRM) activities	Customer name, shipping/billing address, purchase and payment information, and return and refund history
		(K) To monitor quality, handle complaints and provide telephone customer support services To improve the quality of customer service and manage user disputes (voice recording instructions are provided at the beginning of the call)	Call recordings, complaint history, customer interaction history, consultation history	90 Days from the time of initial collection / in case of dispute, 3 years after the end of the dispute before destruction
Article 15(1)(6) of the PIPA (Legitimate interest)		(E) To prevent fraud To comply with international regulations (e.g., anti-money laundering laws) and for fraud detection measures	Identity credentials, transaction history, IP address, name, email address, membership and transaction status, delivery and payment history, and service usage	Up to 48 months after initial collection
		(I) For aggregate strategic and business analysis purposes For statistical analysis, forecasting, and business strategy to improve our products and services	Categorized or pseudonymized usage and transaction information, demographic information, purchasing patterns and preferences, and device and browsing information	3 Years after the completion of the analysis
		(J) To manage legal rights and disputes To assert or defend Moncler's legal rights in administrative, judicial or non-judicial proceedings	Relevant personal information necessary for legal and administrative proceedings, including legal claims, enforcement, etc.	3 Years after the completion of the process

1.2 Personal Data Processed with the Consent of the Data Subject

We process the following categories of personal data based on the consent of the data subject. Certain items of personal data may overlap with those listed in Section 1.1 (Personal Data Processed Without the Data Subject’s Consent). Such overlap does not indicate duplicate processing, but is intended to reinforce the legal basis applicable to the relevant processing activities.

Purpose of Processing	Personal Data Processed	Retention and Use Period
(A) Creating a user account To register and authenticate you for access to your account	Name, email address, date of birth, and password (when creating an account)	10 years from the time of initial collection or until the withdrawal from the membership, whichever is longer [This retention period is based on the retention policy commonly applied within the Moncler Group and represents the minimum retention period set as a global standard, taking into account regulatory environments and requirements across jurisdictions.]
(C) To provide and manage services through the Website This purpose includes registration, service updates and participation in website-based events or features	Order history, exchange and return history, wish list items, reservation history, after-sales service requests, purchasing habits, preferences, gender, phone number (while using Moncler services)
(D) Sales and after-sales service management To manage sales, invoicing, customer support and customer satisfaction management (CRM) activities	Name, nationality, email address, shipping address, delivery and payment method (when ordering goods)
(I) For integrated strategic and business analysis purposes To develop business strategies for statistical analysis, forecasting, and product and service improvement	Browsing information: IP address and the domain name of your computer, the Unified Resource Identifier (URI) address of the requested resource, the time of the request, the method used to send the request to the server, the size of the file provided in response, a numeric code indicating the status of the response returned by the server and other parameters specific to your operating system	3 Years after the completion of the analysis
(F) Direct marketing (with your prior consent) To send you marketing materials (newsletters, promotions, etc.) via email, SMS, telephone or instant messages	Name, contact details (email, mobile phone number)	7 Years from the time of initial collection or until the withdrawal from the membership, whichever is longer [This retention period is based on the retention period policy commonly applied within the Moncler Group and has been specially approved by the Italian data protection authority (Garante).]
(G) Profiling and Marketing Purposes Moncler uses the "Moncler Digital Data Architecture" system to create personal profiles of you and to provide you with tailored communications and personalized experiences.	Purchase history, behavioral and profiling cookies
(H) Online advertising and social media targeting To share information within the scope permitted by the cookie and platform policies, in order to provide behaviorally targeted advertising via digital platforms such as Meta or Instagram	Behavioral information, social media interaction information, and purchasing preferences from cookies

(2) Where we collect and use personal data based on the consent of the data subject pursuant to Article 15(1)(1), Article 23(1)(1), and Article 24(1)(1) of the PIPA, we shall, prior to obtaining such consent, clearly inform the data subject of the following matters:

purpose of collecting and using personal data;
items of personal data to be collected;
period of retention and use of personal data; and
the fact that the data subject has the right to refuse consent and, where any disadvantage arises from such refusal, the details of such disadvantage, and shall collect and use the personal data only after obtaining the data subject’s consent.

(3) Where it becomes necessary to collect and use personal data for a new purpose other than those set forth in Sections 1.1 and 1.2 above, we shall, after notifying the data subject of the mandatory matters set out in items 1 through 4 of paragraph (2), obtain the data subject’s consent and thereafter collect and use the personal data.

(4) Where we process personal data without the consent of the data subject pursuant to Article 15(1)(2) through (7) of the PIPA, we shall clearly inform the data subject of the relevant items of personal data and the legal basis for such processing.

2. Procedures and Methods for the Storage and Destruction of Personal Data

(1) We shall destroy personal data without delay when the personal data becomes unnecessary due to the expiration of the retention period, the achievement of the purpose of processing, or any other similar reason.

(2) Where personal data must be retained in accordance with other applicable laws, notwithstanding that the retention period agreed upon by the data subject has expired or the purpose of processing has been achieved, we shall retain such personal data by transferring it to a separate database (DB) or by storing it in a different storage location.

*The specific items of personal data retained pursuant to other applicable laws and the legal grounds for such retention may be confirmed in Section 1. Categories of Personal Data Processed / Purposes of Processing / Retention and Use Periods.

(3) The procedures and methods for the destruction of personal data are as follows:

Destruction procedure: We identify the personal data for which grounds for destruction have arisen and destroy such personal data after obtaining approval from the Chief Privacy Officer.
Destruction method: Personal data stored in electronic file form that has been classified for deletion is irreversibly anonymized in a manner that prevents recovery or reproduction. Personal data recorded or stored in paper document form is destroyed by shredding or incineration.

3. Provision of Personal Data to Third Parties

(1) We process the data subject’s personal data only within the scope expressly stated in the purposes of processing, and provide personal data to third parties only where the data subject has given consent, or where there exists a special provision under law, as permitted under Articles 17 and 18 of the PIPA. Except in such cases, we do not provide the data subject’s personal data to any third party.

(2) For the purpose of ensuring the smooth provision of our services, and only in the cases set forth below, we provide personal data to the minimum extent necessary, after obtaining the data subject’s consent, in accordance with Article 17(1))1) of the PIPA.

Recipient

Purpose of Provision

Items Provided

Retention and Use Period by Recipient

Companies within the Moncler Group

[link]

To manage sales and after-sales activities for Korean customers and to consolidate customer information

Name, gender, birthday, phone number, email address, password, nationality, preferred contact method, country of residence, payment history (information about payment currency, payment method), exchange and return history (only if you have consented to profiling), customer consultations and queries via multiple channels such as after-sales service requests and live chat (information about products and services), purchasing habits (purchase and refund history), collection preferences, cookies, browsing habits (online sessions, online visits), IP address, device ID, city, shipping address, shipping method

7 Years from the time of initial provision or until the withdrawal from the membership, whichever is longer

[This retention period is based on the retention period policy commonly applied within the Moncler Group and has been specially approved by the Italian data protection authority (Garante).]

(3) Where we provide personal data to a third party based on the consent of the data subject, we shall, prior to obtaining such consent, clearly inform the data subject of the following matters:

person to whom personal data is provided;
the purpose of the recipient’s use of the personal data;
items of personal data provided;
the period of retention and use of personal data by the recipient; and
the fact that the data subject has the right to refuse consent and, where any disadvantage arises from such refusal, the details of such disadvantage, and shall provide the personal data to the third party only after obtaining the data subject’s consent.

(4) Where the provision of personal data to a third party is required for a purpose other than those set forth in paragraph (2), we shall, after notifying the data subject of the mandatory matters set out in items 1 through 5 of paragraph (3), obtain the data subject’s consent and thereafter provide the personal data to the third party.

(5) We may provide personal data to relevant authorities without the consent of the data subject in the following cases:

(i) where the provision of personal data is required to be made to regulators, public institutions, or other legitimate third parties pursuant to laws or relevant regulations (e.g., requests made in accordance with anti-money laundering regulations, court orders, or similar legal processes); or

(ii) where a special transaction such as a merger, acquisition, or transfer of business occurs.

(6) Where we provide personal data to a third party without the consent of the data subject pursuant to Article 17(1)(2) of the PIPA, we shall clearly inform the data subject of the legal basis for such processing.

(7) In the event of an emergency situation, such as a disaster, an infectious disease, an incident or accident that poses an imminent threat to life or physical safety, or an urgent risk of significant property loss, we may provide personal data to relevant authorities without the consent of the data subject. In such cases, we shall provide only the minimum extent of personal data necessary, in accordance with the applicable laws, and shall not use or provide such personal data for any purpose other than the intended purpose.

4. Outsourcing of Personal Data Processing

(1) We outsource certain personal data processing activities as set out below in order to ensure the efficient processing of personal data.

Outsourcee	Outsourced Tasks
Kakao Inc.	Sending push messages - sending personalized advertisements based on customer interests
NHN KCP Corp.	Payment gateway services
Transcosmos Korea Inc.	Call center service
Ilyang Logistics Co., Ltd.	Courier Service
KLN (KERRY LOGISTICS NETWORK) Korea Co., Ltd.	Logistics Service
Industries S.p.A.	For marketing and profiling and aggregation purposes
Adyen N.V.	Payment gateway services
Crea Vision Int.	Helpdesk services
Cegid Group SA	Retail sales database management
Riskified ltd.	Managing your retail sales database
Sprinklr, Inc.	CXM Platform Service
Google LLC	Analytics and advertising
Meta Platforms, Inc.	Advertising
Salesforce, Inc.	E-commerce and marketing services
Microsoft Dynamics	Retaining customer profiling information
Strategy Inc.	Customer care analytics
Skynet ICT ltd.	Helpdesk services

(2) When entering into an outsourcing agreement, we specify in the contract or other written documents, in accordance with Article 26 of the PIPA, matters concerning, inter alia: the prohibition on processing personal data for purposes other than the performance of the outsourced tasks; the implementation of technical and administrative safeguards; restrictions on re-outsourcing; matters concerning the supervision and management of the data processor; and liability for damages. We also supervise the data processor to ensure that personal data is processed safely and securely.

(3) Pursuant to Article 26(6) of the PIPA, where a data processor intends to re-outsource the outsourced personal data processing activities, the prior consent of Moncler must be obtained, and information regarding the sub-processor and the details of the re-outsourced tasks shall be disclosed through this Privacy Policy.

(4) Where the details of the outsourced tasks or the data processor are changed, we shall promptly disclose such changes through this Privacy Policy.

5. Cross-border Transfer of Personal Data

(1) For the performance of certain specific processing activities relating to the processing of users’ personal data, we transfer such personal data to external parties located outside Korea (each, a “Third Country”).
The list of Third Countries is set out below and will be updated from time to time. Such cross-border transfers are conducted in accordance with Article 28-8 of the PIPA, and include cases where the data subject’s consent has been obtained or where a contract has been entered into for the outsourcing of personal data processing in compliance with this Privacy Policy.

(2) Where a data subject does not consent to the cross-border transfer of personal data, the data subject may indicate such refusal by expressing an opt-out in the relevant consent form. However, please note that the consequences of such refusal may vary depending on the specific items of personal data for which cross-border transfer is refused. Where the transfer of certain items of personal data is refused, the use of Moncler’s services may be restricted. Conversely, where the transfer of certain other items of personal data is refused, purchases through the Website may remain available, but customized communications or personalized customer management services—including those provided via email (newsletter), telephone, SMS, MMS, instant messaging, or postal mail—may not be provided.

(3) Specifically, we transfer personal data to Third Countries as set forth below. The information below includes both cases where personal data is provided to third parties and cases where personal data processing is outsourced, and therefore may overlap with the contents of Section 3 (Provision of Personal Data to Third Parties) and Section 4 (Outsourcing of Personal Data Processing). This overlap is intended to ensure clear and transparent notice regarding cross-border transfers of personal data.

Recipient (Contact Info.)	Country of Transfer	Purpose of Recipient’s Use	Items of Personal Data Transferred	When and How Transfer Occurs	Retention and Use Period by Recipient	Outsourced Tasks	Legal Basis for Cross-border Transfer
Companies within the Moncler Group [link]	Overseas countries [link]	To manage sales and after-sales activities for customers in Korea and to consolidate customer information	Name, gender, birthday, phone number, email address, password, nationality, preferred contact method, country of residence, payment history (information about payment currency, payment method), exchange and return history (only if you have consented to profiling), customer consultations and queries via multiple channels such as after-sales service requests and live chat (information about products and services), purchasing habits (purchase and refund history), collection preferences, cookies, browsing habits (online sessions, online visits), IP address, device ID, city, shipping address, shipping method	Remote transmission over a network at the time of collection	7 Years	N/A	Article 28(8)(1) of the PIPA (Consent of the data subject)
Industries S.p.A. (Privacy@moncler.com; dpo@moncler.com)	Italy	To perform marketing and profiling, and to aggregate customer information	Gender, birthday, phone number, email address, preferred contact method, country of residence, purchasing habits (purchase and refund history), collection preferences, cookies, browsing habits (online sessions, online visits), IP address, device ID, city, shipping address	Remote transmission over a network at the point of collection	7 Years	Purpose of marketing and profiling and aggregation of customer information	Article 28(8)(1) of the PIPA (Consent of the data subject) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Adyen N.V. (dpo@adyen.comt)	Netherlands	Purpose of processing payment information	Name, email address, billing address, shipping address, order details, payment method, tokenized card information, transaction amount, transaction ID	Electronic transmission via secure and encrypted communication channels (HTTPS/TLS) at the point of purchase	Retained for as long as necessary to process transactions, comply with financial regulations (e.g., fraud prevention and accounting obligations) and resolve disputes, typically up to 10 years, depending on the period required by applicable financial legislation	Payment gateway services	Article 28(8)(1)(3) of the PIPA (Outsourcing and storage of personal data processing for contracts with data subjects) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Crea Vision Int. (+420 774 555 667)	Czech Republic	Purpose of responding to customer inquiries	Name, email address, billing address, shipping address, order details, payment method, tokenized card information, transaction amount, transaction ID (Crea Vision Int. only has direct access to order-related information within the CEGID system via a secure connection, and only as necessary to troubleshoot POS-related issues.)	Troubleshooting activities will be performed in a read-only manner within the CEGID system over a secure, direct connection. No bulk or periodic transfers will be made.	Crea Vision Int. will only view it until the previous purpose is fulfilled, Does not retain or store personal data separately. All data is kept within the CEGID environment, which is controlled by the Montclair Group.	Helpdesk services	Article 28(8)(1)(3) of the PIPA (Outsourcing and storage of personal data processing for contracts with data subjects) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Cegid Group SA (Dataprivacy@cegid.com)	France	Management and storage of retail sales database	Name, email address, birthday, password, nationality, shipping address, shipping method, payment history (information about payment currency, payment method), phone number, order history, exchange and return history, customer consultations and queries through various channels such as after-sales service requests and live chat (information about products and services)	Remote transmission over a network at the point of collection	10 Years	Management of retail sales database	Article 28(8)(1)(3) of the PIPA (Outsourcing and storage of personal data processing for contracts with data subjects) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Riskified ltd. (Dpo@riskified.com)	Israel	Management and storage of retail sales database	Name, email address, birthday, password, nationality, shipping address, shipping method, payment history (information regarding payment currency, payment method), phone number, order history, exchange and return history, customer consultation and inquiry history through various channels such as after-sales service requests and live chat (information regarding products and services)	Remote transmission over a network at the time of collection	10 Years	Management of retail sales database	Article 28(8)(1)(3) of the PIPA (Outsourcing and storage of personal data processing for contracts with data subjects)
Sprinklr, Inc. (privacy@sprinklr.com)	USA	Customer Experience Management	Name, email address, phone number	Remote transmission over a network at the time of collection	7 Years	CXM Platform Service	Article 28(8)(1)(3) of the PIPA (Outsourcing and storage of personal data processing for contracts with data subjects)
Google LLC (Data-access-requests@google.com) [See subprocessor of Google LLC]	Europe [link]	To provide analytics and advertising services (including personalized and targeted advertising) and to measure and improve our performance	Cookies, browsing habits (online sessions, online visits), IP address, device ID, city, hashed emails	Remote transmission over the network at the time of collection	50 Months	Analytics and advertising	Article 28(8)(1) of the PIPA (Consent of the data subject) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Meta Platforms, Inc. (Opensource@meta.com)	Europe [link]	To provide analytics and advertising services (including personalized and targeted advertising) and to measure and improve our performance	Cookies, browsing habits (online sessions, online visits), IP address, device ID, city, hashed emails	Remote transmission over a network at the time of collection	2 Years	Advertising	Article 28(8)(1) of the PIPA (Consent of the data subject) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Salesforce, Inc. (Privacy@salesforce.com)	Europe (Salesforce eCommerce data centers: Europe; Salesforce Marketing Data Center: United States)	To provide e-commerce sales services and direct marketing services to you	Name, password, job title, gender, birthday, phone number, email address, preferred method of contact, country of residence, purchasing habits (purchase and refund history), collection preferences, cookies, IP address, shipping address, payment method	Remote Transfer Over Network at Point of Collection	7 Years	E-commerce and marketing services	Article 28(8)(1) of the PIPA (Consent of the data subject) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Microsoft Dynamics (Https://aka.ms/privacyresponse)	Supplier registered location: Italy / Dynamics data center location: Europe	Purpose of storage of customer profiling information	Gender, birthday, phone number, email address, preferred contact method, country of residence, purchasing habits (purchase and refund history), collection preferences, cookies, browsing habits (online sessions, online visit history), IP address, device ID, city, shipping address	Remote transmission over a network at the time of collection	7 Years	Retention of customer profiling information	Article 28(8)(1) of the PIPA (Consent of the data subject) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)
Strategy Inc. (privacy@strategy.com)	Italy	Customer management analysis purposes	Gender, birthday, phone number, email address, preferred contact method, country of residence, purchasing habits (purchase and refund history), collection preferences, city, shipping address	Remote transmission over the network at the time of collection	7 Years	Customer care analytics	Article 28(8)(1) of the PIPA (Consent of the data subject) / Article 28(8)(1)(5) of the PIPA (Recognition of equivalence by the Personal Information Protection Commission)

6. Methods of Personal Data Processing and Storage / Measures to Ensure Data Security

Personal data of users is processed in both documentary and electronic form, and is handled in compliance with applicable security requirements under relevant laws and regulations, including, without limitation, Article 29 of the PIPA. Our safeguards include contractual measures we enter into with third parties, such as service providers, to protect the safety and confidentiality of your personal data, as set out in this Privacy Policy. In particular, we have the following measures in place.

Administrative measures: Establishment and implementation of a personal data internal management plan, operation of a dedicated organization, regular training on personal data protection for employees, etc.

Technical measures: managing access rights to personal data processing systems, installing access control systems, encrypting uniquely identifiable information, installing and regularly updating security programs, etc.

Physical measures: Controlling access to physical storage facilities such as computer rooms, archives, etc.

7. Possibility of Disclosure of Sensitive Information and Options to Restrict Disclosure

Pursuant to Article 23(3) of the PIPA, where we determine that there is a risk of infringement of the data subject’s privacy due to the inclusion of sensitive personal data in information that may be disclosed in the course of providing our services, we shall, prior to the provision of such services, inform the data subject of the possibility that sensitive personal data may be disclosed and of the methods by which the data subject may choose to prevent such disclosure.

8. Installation, Operation, and Refusal of Automatic Personal Data Collection Devices

8.1 Installation, Operation, and Refusal of Automatic Personal Data Collection Devices

(1) We use cookies, which store and periodically retrieve usage information, in order to provide individualized services and convenience to data subjects.

(2) A cookie is a small piece of information sent by the server (HTTP) used for operating the Website to the data subject’s browser. Cookies are stored on the data subject’s computer or mobile device, and are automatically transmitted from the data subject’s browser to the server when the data subject accesses the Website.

(3) The data subject may configure browser settings to allow or block cookies, or otherwise manage cookie-related preferences through browser option settings.

How to manage cookie settings

(1) Through the Cookie Preference Center (OneTrust CMP)

You can withdraw or manage your consent to cookies directly from our website as follows.
1. Click the “Cookie Settings” link or icon at the bottom of the webpage or in the cookie banner.
2. In the Cookie Settings center, you can review the different types of cookies (e.g., essential cookies, technical cookies, performance cookies, personalization cookies, etc.
3. Enable or disable cookie types based on your preferences.
4. Your choices will be saved and applied automatically. You can change your settings at any time via the Cookie Settings Center.

(2) How to accept or block cookies in your web browser

Chrome

To block all cookies :
1. Select the “⋮” icon in the top right corner of your Chrome browser
2. Select a new incognito window (keyboard shortcut: Ctrl+Shift+N)
3. In incognito mode, your browsing history, cookies, site information, and form entries are not saved

Microsoft Edge

How to block all cookies :
1. Select the “...” icon in the top right corner of the Edge browser. icon in the top right corner of your browser
2. Select a new InPrivate window (keyboard shortcut: Ctrl+Shift+N).
3. InPrivate mode does not save your browsing history, cookies, or site information

8.2 Processing and Refusal of Behavioral Information

(1) In order to provide data subjects with optimized and personalized services and benefits, as well as customized online advertising, during their use of the Services, we process behavioral information in a manner that does not identify individuals, by utilizing cookies and other automatic data collection devices.

(2) Through the websites operated by our affiliates, we collect behavioral information as set forth below:

What we collect	Method of Collection	Purpose of collection	Retention and usage period
Access and usage history of our apps	Automatically collected when accessing and using web and apps	To provide customized services and benefits, online personalized advertisements, etc.	Until the purpose of collection and use is fulfilled

(3) This Website uses technical cookies, and, where the data subject has provided consent, also uses profiling cookies, analytics cookies, social cookies, and plug-in cookies, among others.

Further details regarding such cookies may be reviewed through the Cookie Policy [link].

8.3 Behavioral information collected by third parties

(1) When you visit or use our websites or applications, we allow third parties to collect behavioral information about you through automated collection devices, including third-party cookies and advertising identifiers. This is done to improve the efficiency of our services and to carry out advertising and marketing activities.

(2) Through our websites and mobile applications, some third parties may collect limited behavioral information for purposes such as analytics, performance measurement, personalization, and marketing. This collection is done through cookies and similar tracking technologies that help us understand how you use our digital services.

(3) The information collected may include browsing behavior information (e.g., pages visited, time on page, interactions with content, and paths traveled), but it does not directly identify individual users. This information is utilized to enhance user experience, improve website and app performance, and to provide more relevant content or advertising based on aggregated information.

(4) You will be notified of this collection via a cookie banner and can manage or withdraw your consent for non-essential cookies (e.g., performance, personalization, and marketing cookies) at any time through your consent management settings.

How to allow or block the collection of behavioral information

(1) Through the Cookie Preference Center (OneTrust CMP)

You can withdraw or manage your consent to behavioral tracking and marketing cookies directly from our website as follows.
1. Click the “Cookie Settings” link or icon displayed at the bottom of a webpage or in a cookie banner.
2. In the Cookie Preferences Center, review the items related to performance or targeting/advertising cookies, which are typically used to track behavior.
3. If you do not want behavioral information to be collected, disable the appropriate category.
4. Your choices will be saved and applied automatically. You can change your settings at any time via the Cookie Settings Center.

(2) How to allow or block the collection of behavioral information in your web browser

Chrome

To block third-party cookies :
1. select the “⋮” icon in the top right corner of your Chrome browser and select Settings
2. In the left menu, select Privacy and security, and then select Third-party cookies.
3. Select block third-party cookies

To block all cookies:
1. Select the “⋮” icon in the top right corner of the Chrome browser and select a new incognito window
2. In incognito mode, your browsing history, cookies, site information, and form inputs are not saved

Microsoft Edge

How to block third-party cookies :

1.. Select the “...” icon and select Settings
2. Select Privacy, search, and services, and under the Tracking prevention setting, select Balanced or Strict

3. Or Cookies and site permissions → Delete or manage cookies and site information, and enable Block third-party cookies.

To block all cookies :
1. “...” icon and select a new InPrivate window
2. InPrivate mode does not store browsing history, cookies, or site information

(3) How to allow or block the collection of behavioral information in mobile browsers

Chrome (Android devices)

How to block third-party cookies :
1. Open the Chrome app, select the "⋮" icon and select Settings
2. Select Site settings → Third-party cookies and block it
3. If you want to allow a specific site, select Add site exception and enter the URL

To block all cookies :
1. Select the "⋮" icon and choose a new incognito window
2. In incognito mode, your browsing history, cookies, etc. are not saved

Safari (iOS devices)

On your device, select Settings and then Safari

Select Advanced and then select Block All Cookies

Samsung Internet

How to block third-party cookies :
1. Access the Samsung Internet app, select the “≡” icon, and select Privacy
2. Under the Privacy dashboard, select Smart anti-tracking and set it to Always

To block all cookies :
1. select the tab icon, select Turn on incognito mode and start
2.Your browsing history and cookies will not be saved in Incognito mode

9. Rights of the data subject and how to exercise them

(1) The data subject may, at any time, exercise the following rights against Moncler, including the right to request access to, correction of, deletion of, suspension of the processing of personal data, and withdrawal of consent (collectively, the “Exercise of Rights”):

Right of Access: The data subject may request access to their personal data and information regarding the processing thereof. Upon request, a copy of the relevant personal data will be provided.

Right to Rectification: The data subject may request the correction, modification, or updating of personal data that is inaccurate or no longer up to date. The data subject may also supplement incomplete personal data by providing additional information.

Right to Withdraw Consent and Right to Request Suspension of Processing: The data subject may, at any time, withdraw consent or request the suspension of the processing of their personal data (including profiling). Where a request for withdrawal of consent or suspension of processing is received, the processing activities covered by such request will be discontinued. Processing of personal data not related to the request may continue. In addition, where a legal basis for processing exists, the processing of personal data may continue to the extent permitted under and in full compliance with applicable laws.

Right to Erasure: The data subject may request the deletion of their personal data where: (i) the personal data is no longer necessary for the purposes for which it was collected or processed; (ii) the personal data has been processed unlawfully; or (iii) Moncler no longer has a legitimate basis to process the personal data, or deletion is required to comply with legal obligations. However, where other applicable laws require the retention of specific personal data, a request for deletion of such personal data may not be granted. Upon receipt and review of a deletion request, and where such request is confirmed to be justified, the data subject’s personal data will be deleted.

(2) The Exercise of Rights may be made against us in accordance with Article 41(1) of the Enforcement Decree of the PIPA in writing, by telephone, by email, by facsimile (FAX), or via the Internet, and we shall take action on such requests without undue delay.

(3) The Exercise of Rights may also be made through a legal representative of the data subject or a person duly authorized by the data subject. In such cases, a power of attorney in the form prescribed in Appendix 11 (Notice on Methods of Processing Personal Data) must be submitted.

(4) The rights to request access to personal data and suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of the PIPA.

(5) Where other applicable laws expressly require the collection or retention of specific personal data, the data subject may not request the deletion of such personal data.

(6) We may verify whether the person exercising the rights is the data subject or a duly authorized representative.

(7) To exercise the rights described above, please contact us through one of the methods set out below. We shall respond within ten (10) days from the date on which we receive a request for the Exercise of Rights from the data subject.

Through the Website: Submit an inquiry form via the “Contact Us” section of the Website [link], selecting “Personal Data” as the subject, and submit the request to customer service.

Direct Contact: Contact Moncler directly at the address specified in Section 10. Chief Privacy Officer / Personal Data Protection Department below.

10. Chief Privacy Officer / Personal Data Protection Department

(1) We are responsible for overseeing matters relating to the processing of personal data and, for the purpose of handling data subjects’ complaints and providing remedies in connection with the processing of personal data, we have designated a Chief Privacy Officer and a Personal Data Protection Department as set out below.

11. Remedies for Infringement of Data Subject Rights

Data subjects may seek relief for damages arising from infringements of personal data by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency, or the Personal Information Infringement Report Center. For reports or consultations regarding other personal data infringements, data subjects may contact the institutions listed below.

Organization	Contact Information	Website
Personal Information Dispute Mediation Committee	1833-6972 (No area code)	ww.kopico.go.kr
Personal Information Infringement Report Center	118 (No area code)	Https://privacy.kisa.or.kr
Supreme Prosecutors' Office Cyber Investigation Division	1301 (No area code)	Www.spo.go.kr
National Police Agency Cybercrime Reporting System	182 (No area code)	Https://ecrm.police.go.kr/minwon/main

12. Processing of Pseudonymized Data

We process the personal data we collect in a pseudonymized form pursuant to Article 28-2 of the PIPA, and use such data for statistical analysis, analytics, scientific research, and public record preservation, while ensuring that individuals cannot be identified.

12.1 Use of Pseudonymized Information

Purpose of processing

Personal information processed

Retention and use period

(I) Integrated strategy and business analysis purposes

For statistical analysis, forecasting, and business strategy to improve our products and services

Categorized or pseudonymized usage and transaction information, demographic information, purchasing patterns and preferences, device and browsing information

Until the purpose of collection is fulfilled

12.2 Outsourcing the Processing of Pseudonymized Information

Pseudonymized information may be shared with external systems or service providers (including Microsoft Dynamics and Google LLC) solely for operational and integration purposes. In such cases, the information is processed in a form that does not allow identification of individuals and is handled in accordance with Article 28-2 of the PIPA.

12.3 Measures to ensure the safety of pseudonymized information

Administrative measures: Establishment and implementation of internal management plans for pseudonymized information, operation of dedicated organizations, and provision of regular personal data protection training for employees

Technical measures: Management of access rights to pseudonymized information processing systems, installation of access control systems, encryption of unique identifying information, installation of security programs, and regular updates

Physical measures: Access control for physical storage facilities containing pseudonymized information, such as data centers and document storage rooms

13. Changes to the Privacy Policy

This Privacy Policy is subject to change in accordance with applicable laws and internal policies. Any changes will be announced on our website or app along with the effective date.

Effective Date: 9.02.2026.

Previous Privacy Policies can be found below.

[Nov. 21, 2024 - July 10, 2025] Privacy Policy

[July 11, 2025 - July 30, 2025] Privacy Policy

[July 31, 2025 - November 29, 2025] Privacy Policy

[November 30, 2025 - December 8, 2025] Privacy Policy

[December 8, 2025 - December 9, 2025] Privacy Policy

[December 10, 2025 – Current]