Sustainability Report FY 2021

53 RUFFINO | Sustainability Report FY 2021 We have always concentrated on pro- cesses that protect personal data. Before the General Data Protection Regulation (GDPR) came into effect, we implemen- ted a GDPR compliance program, which culminating in the drafting of informa- tion sheets, contractual standards and company policies in line with the chan- ge, as well as in training sessions for all the personnel. Moreover, a permanent structure was set up to analyze and as- sess aspects connected to the protection of personal data that affects the routine business. We also set out and adopted a Data Pro- tection Agreement (DPA) internal stan- dard, which establishes the terms and conditions of the processing of personal data, which are required of the proces- sing officer. All employees who, while fulfilling their duties, process perso- nal data that the Group manages, have been duly authorized by authorization models aimed at covering the different types of treatment. In line with previous years, in FY 2021 we also implemented various internal checks to ensure compliance with the GDPR, with a special focus on the acti- vities carried out by the data processing officers. GDPR compliance is a prerogative for all initiatives, especially those aimed at consumers, such as campaigns in partnership with mass retail channels, campaigns pertaining to the hospitality activities provided by the companies in the Group and collecting contact infor- mation for direct marketing activities by Ruffino S.r.l. This prudent management has resulted in no complaints or violations of perso- nal data in the three-year period. Protecting and processing personal data