This Privacy Policy contains information that regulates the processing of personal data of users (hereinafter referred to as the “User”) who access and use the following sites, owned by Milor SpA, or by companies controlled by it, in particular:

www.bronzallure.it
www.bronzallure.com
www.bronzallure.eu
www.etruscagioielli.com
www.albertm.it
www.duomilor.it
www.milor.com
www.galleria-milano.com
www.elledilinda.com

each individually identified as "the Site") for its consultation and for the purchase of the products on sale. (“Products”).

Milor SpA (“The Owner”) is registered in the Company Register of the Chamber of Commerce of Milan, CF / VAT no. 04362490155; the registered office is in Via dei Gracchi, 35 20146 Milan, email: privacy@milor.com .

This Privacy Policy is to be considered an integral and substantial part of the Conditions of Use of each site and of the cookies policy.

The information contained in the Privacy Policy is extended in accordance with art. 13 of Legislative Decree 30 June 2003 n. 196 and subsequent amendments - (the "Privacy Code") and art. 13 of EU Regulation 2016/679 ("GDPR") to all Users who access and use the Site and/or purchase Products on the Site. This Policy refers solely to the use of the Site and to no other third-party site, even if referred to in any way within the Site.

Any changes will be effective immediately and will apply only to Users who use the Site after the date of such change. Consequently, we invite you to refer to it each time you visit our Site to take note of its latest version available on the Site.

Version of May 10, 2018

The data entered by the User when registering on the Site or for the Site newsletter and when placing each order will be used for purposes strictly related to the purpose indicated at the time of data collection and/or for the purposes indicated in this Privacy Policy. More specifically, for sending the newsletter and/or for executing the order request and all related services, such as payment and delivery.

The User's personal data may also be used by the Owner and by third parties authorized by the Owner to fulfill all accounting and tax obligations relating to the purchase of the Products and to complete all activities strictly related and preparatory to the management of the Site-Customer relationship.

In particular: carry out operations relating to our commercial relationship, namely concerning your registration to the Services (in particular the verification of the veracity of your email), Orders, deliveries, invoices, accounting, the follow-up of the "customer relationship" with a Member, and the carrying out of satisfaction surveys, the management of complaints and after-sales service, refunds, specific commercial gestures, return of Orders, exercise of your right of withdrawal, management of outstanding debts and disputes.

In the event that the User has given consent, such personal data may be used for other purposes related to the sale of products on the Site:
1. sending promotions, offers and suggestions on the Products for sale;
2. verification of user satisfaction;
3. sending promotional and/or advertising information relating to other activities of the Site and its Partners;
4. carry out market research and post-sales analysis.
5. offer you commercial offers close to your geographical location, particularly in the context of offers that may include the “Collect in store” service;
6. the management of your comments on the Site and/or on the internet pages edited by us and hosted on the websites of our Social Networks.

All User data collected will be processed exclusively and with due expertise by persons specifically appointed to this task and specifically trained in the matter. The purposes of the processing are those for which the data were collected, mainly with electronic and computer tools.

The data will be stored on computer and paper media, as well as on any other media deemed suitable and compliant with the security measures imposed by applicable regulations. The data is stored in such a way as to make it possible to identify the User in the minimum time necessary to achieve the objectives for which it was collected and then processed and, in any case, always in compliance with legal requirements.

Any damage caused by causes not directly attributable to the Owner such as inaccessibility of the Site, or viruses, damaged files, interruption of internet or telephone connections, or other causes similar to the cases listed above are not attributable to the Owner.

Furthermore, the User is required to diligently and responsibly store all personal information strictly connected to the Site, such as the login credentials to the Site, any order and shipping codes or other data. Any theft or improper use of this data, and the consequences deriving from these events are the complete responsibility of the User.

The personal data requested by the Owner during navigation of the Site may be mandatory or optional. Failure by the User to provide mandatory data will result in failure to carry out the purpose for which they were requested. The compilation of optional data, however, is entirely subject to the discretion of the User who can choose whether to provide them or not. In this case, refusal does not entail any consequences in the execution of the purposes indicated at the time of the request.

The User is also responsible for constantly updating such data, so as to allow the Owner to exercise all services effectively and efficiently without incurring delays, errors or additional costs resulting from the failure to update such data.

In particular, the Owner collects the Data that you voluntarily declare from a collection form on the Site including socio-professional information (for example your profile, your surname, traditional name, names, gender, date of birth, godfather and/or delivery address, profession).

When placing an Order, our banking providers also collect and process Personal Data relating to your means of payment (credit card number, credit card expiry date and expiry date, visual cryptogram - as it will not be retained, etc.). For our part, we may process the partial number of your credit card consisting of the first six (6) numbers and the last four (4) numbers and the expiry date of your credit card as transmitted to us by your bank. Therefore, this payment identifier does not allow banking transactions to be carried out.

We also collect information relating to the transaction carried out (transaction number, purchase details, etc.), or relating to the payment of invoices issued from or through the Site (payment methods, discounts granted, receipts, balances and missed payments, or relating to credits subscribed, the amount and duration, etc.).

The Data Controller processes the Data relating to the control of the commercial relationship with you: product and/or service purchased, quantity, amount, frequency, delivery and/or billing address(es), telephone number, security code, and any other relevant information on the delivery (control number, shipment location, etc.), history of purchases and services provided, product returns, correspondence and/or telephone exchanges between you and our after-sales service, etc.

The communication of the User's personal data to third parties is subject to compliance with the limits imposed by law and the purposes declared and foreseen in point 1. The third parties involved fall into the following categories:

1. those responsible for warehouse, packaging, shipping, delivery and product return services;
2. the subjects appointed by the Data Controller for the administrative, contractual, accounting and legal management of the Site's activities;
3. credit institutions, insurance companies and the company(ies) responsible for managing payments, including electronic ones;
4. the persons responsible for managing and maintaining the Site and all its functions;
5. any other subjects to whom the Data Controller has given the possibility of access to the data, always in compliance with the provisions of the law or regulations.
6. affiliated, related companies, and offices associated with our Company,

Finally, the User's personal data may be used for competitions and/or participation in prizes, for sending advertising and promotional material relating to the Site and the Owner's Partners, only with the explicit and voluntary consent expressed by the User.

In cases where the data processing requires the explicit and voluntary consent of the User, it will be collected specifically with an explanation of the individual purposes pursued. It is specified that art. 6 of the GDPR provides for cases in which the data processing does not require the express authorization of the User, such as for example for the fulfillment of legal or contractual obligations undertaken towards the User.

The User has the right to request confirmation at any time of the existence of personal data concerning him, pursuant to articles 12 and following of the GDPR.

In accordance in particular with the Regulation on Personal Data, you benefit from the following Specific Rights:

access (Article 15 of the GDPR),
b. rectification (Article 16 of the GDPR),
c. cancellation (Article 17 of the GDPR),
d. limitation of processing (article 18 of the GDPR)
e. transferability (Article 20 of the GDPR)
f. opposition (articles 21 and 22 of the GDPR)
g. post-mortem directives (Law No. 78-17 of 6 January 1978 relating to information technology, files and liberties);

You have the possibility to obtain from the Owner confirmation as to whether or not the data concerning you are being processed and, where that is the case, access to such data and the following information:

1. the purposes of the processing;
2. the categories of data;
3. the recipients or categories of recipients to whom the data are or will be communicated;
4. where possible, the envisaged duration for which the data will be stored or, when this is not possible, the criteria used to determine that duration;
5. the existence of the right to ask the Data Controller to rectify or delete data, or to limit the processing of your data, or the right to object to such processing;
6. where the data is not collected from you, any available information regarding their source;
7. where data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to such transfer.

You have the right to obtain from the Owner, as soon as possible, the rectification of data concerning you that are inaccurate. You also have the right to ask for incomplete data to be completed, even if it is necessary to provide a supplementary declaration.

You have the possibility to obtain from the Data Controller the cancellation, as soon as possible, of data concerning you when for one of the following reasons:

a. the data are no longer necessary in light of the purposes for which they were collected or otherwise processed by the Data Controller,
b. you have withdrawn your consent to the processing of this data and there is no other legal basis for the processing;
c. exercise your right to object under the conditions set out below
d. there is no overriding legitimate reason for the processing;
e. the data has been subject to unlawful processing;
f. the data must be deleted to comply with a legal obligation;
g. the data was provided by a child.

You have the possibility to obtain from the Data Controller the limitation of the processing of your data in application of one of the following reasons:

a. the Data Controller verifies the accuracy of the data following your dispute of the accuracy of the data.
b. the processing is unlawful and you oppose the erasure of the data and instead request the limitation of their use;
c. the Data Controller no longer needs the data for the purposes of their processing but they are still necessary for the establishment, exercise and/or defence of legal claims;
d. you have objected to the processing under the conditions set out below and the Data Controller verifies to find out whether the legitimate reasons pursued prevail over the reasons given.

You have the possibility to receive from the Data Controller the data concerning you in a structured, commonly used and machine-readable format when:

1. The data processing is based on consent and/or a contract, and
2. The processing is carried out with the help of automated procedures.

When exercising your right to portability you have the right to have the data transmitted directly from the Data Controller to a data controller that you can designate when technically possible.

You have the right to object at any time, for reasons relating to your particular situation, to the processing of data concerning you based on the legitimate interest of the Data Controller. In this case, the data will no longer be processed unless it demonstrates that there are legitimate and compelling reasons for the processing that prevail over your interests and your rights and freedoms, or may retain them for the purposes of establishing, exercising or defending rights in court.

When data is processed for prospecting purposes, you can object to the processing of this data at any time.

Finally, the User has the right to object, in whole or in part for legitimate reasons, to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection, as well as to the processing of personal data concerning him/her for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication.

To exercise your rights, you may contact the following addresses: Tony Srl - Via Carducci 32, 2012 Milan - email: privacy@milor.it

The Data Controller of the personal data of Users who use the Site is Milor SpA - Via dei Gracchi 35, 20146 Milan. To exercise their rights and for any further information regarding the processing of data, the User may contact the Data Controller at the following addresses: Milor SpA - Via dei Gracchi 35, 20146 Milan - email: privacy@milor.it .

Your Personal Data is retained on an active basis for a period of three (3) years from your last activity on the Site or on an electronic communication medium (particularly an email message) or, after this period, your profile is considered "inactive" and will be automatically deactivated. It is therefore up to you to create a new one for any new Orders.

Your Personal Data in connection with an Order are retained for a period of three (3) years from an Order. They remain accessible to you and us, particularly after the creation of your account to allow you and us to have a complete history of your Orders. We can delete them at any time upon simple request from you.

However, at the end of the aforementioned periods, and if applicable, from your request for deletion, your Personal Data may be subject to intermediate archiving in order to comply with our legal, accounting and tax obligations.

The Site is present on Social networks. For more information on the protection of your Data while browsing on these Social networks, we invite you to consult their respective privacy policies.

To allow us to proceed with a registration or an easier connection to our Site, you may have the possibility to authenticate yourself on our Site via a Social network. Simply click on the dedicated button to automatically pre-fill your registration form on the Site based on the information you have already provided to the Social network. For our part and as recipient, we can collect information when you navigate on the pages of our Social networks or use their authentication features.

A “cookie” is a connection marker that designates a text file that can be recorded, according to your choices, in a dedicated space on the hard drive of your Terminal, when you consult the Site. A cookie file allows its issuer to identify the Terminal in which it is recorded, for the duration of validity or registration of the cookie, for which it must be considered as Personal Data.

When you connect to our Site, we may be induced, based on your choices, to install various Cookies on your Terminal that allow us to recognize the browser of your Terminal during the period of validity of the Cookie in question.

No personal data of users is acquired by the Site in this regard. Cookies are not used to transmit information of a personal nature, nor are persistent cookies of any kind used, or systems for tracking users.

The use of so-called session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. The so-called session cookies used on this site avoid the use of other IT techniques potentially prejudicial to the confidentiality of user navigation and do not allow the acquisition of personal data identifying the user.

The Code of Ethics represents the Identity Card of an organization; it expresses the guidelines of conduct that must inspire the behavior of its members and is the main means of spreading the culture of ethics within the company. The diffusion of the Code of Ethics has increased over the last few years, also by virtue of specific legal provisions that, especially at an international level, have induced companies and other organizations to adopt it.

As a result of the globalization of markets, there is an increasingly felt, at a global level, a concrete need to introduce and make explicit in economic models rules of an ethical and social nature that allow the objectives of profit and value creation to coexist with respect for the demands and interests of the subjects involved in business activity, not only in national and international relations but also in corporate environments (either because the expectations and interests, although legitimate, of the various subjects involved - Shareholders, Collaborators, Suppliers, Customers, Commercial Partners etc. - may be in conflict with each other, or because in some cases there is a risk that actual behavior does not correspond at all to the proclaimed principles).

In the Italian panorama, the importance of equipping oneself with a tool such as the Code of Ethics is emphasized, among other things, by the provision of a specific responsibility of the entities as a consequence of the commission of crimes pursuant to Legislative Decree 8 June 2001 n. 231.
In this context, the companies belonging to the Milor group (the “Group”) have always been committed to the application of rigorous principles observed in carrying out the various activities and have always been characterised by the seriousness, reliability and professionalism of the work of their Management, Employees and Collaborators, thus acquiring over the years a consolidated reputation also appreciated at an international level.

In order to pursue continuous improvement objectives, Milor has deemed it appropriate to adopt and issue this Code of Ethics of conduct which sets out the corporate principles and values ​​that it has pursued over the years, highlighting rules of conduct whose observance - by all those who, in any capacity, operate in the name and on behalf of the Group's companies - is essential to maintain and improve the regular functioning, reliability of corporate processes and the image of the Group itself.

The operations and behaviors of all recipients of this Code of Ethics must refer to these principles and rules, both in internal professional relationships and in relationships with parties external to the Group.

The Group recognizes the importance of ethical and social responsibility in the conduct of business and corporate activities and is committed to respecting the legitimate interests of Shareholders, Directors, Employees, Collaborators, Customers, Suppliers and Business Partners.

The Group companies are therefore committed to:

－ maintain consistency with the policies always adopted in terms of correctness, transparency, trust and cooperation in conducting business;
－ maintain an active role in the market, economic development and technological progress of the sectors in which it operates;
－ pursue a solid and sustainable value from an economic, financial and social perspective, built on the trust of Customers, on the motivation of Collaborators and on the responsible and constructive relationship with the territory;
－continuously improve the quality of the products and services offered to the Customer, increase the latter's satisfaction through effective and fair competition on the market, in full and absolute compliance with the law and regulations in force in the countries in which it operates;
－ raise awareness and involve Suppliers in a proactive role, particularly with regard to compliance with laws and regulations in the supply of goods and services and with regard to transparency and contribute, among other things, to spontaneous compliance by each Employee and Collaborator.
－ promote the personal and professional development of its Collaborators and motivate them to have a sense of belonging and to seek continuous improvement in efficiency and effectiveness in order to increase corporate and personal satisfaction and well-being.

At the same time, it requires all Employees belonging to the Group's companies and all those who cooperate in the exercise of business activities to comply with the company rules and the provisions established in this Code of Ethics.

The achievement of these objectives can in fact only occur through the constant and active participation of all the subjects involved in the business activities of the Group's companies and the full awareness, on their part, that these goals must be achieved in compliance with those reference values ​​and rules of conduct that, through this Code of Ethics, are made explicit.

The rules contained in this Code of Ethics and the principles of conduct for the conduct of business and in interpersonal relationships must not, therefore, appear to the recipient of this document as "obvious", but rather as a tool for reflection on the values ​​referred to: personal adherence to these values ​​contributes, among other things, to spontaneous respect on the part of each Employee and Collaborator.

The reference values ​​and rules of conduct set out in the Code of Ethics are binding for all Group companies, for their Directors, Employees and Third Parties who in any capacity operate in the interest of the Group; the latter include Agents, Technical Assistance, Suppliers, Distributors, developers, Consultants and Collaborators in general (hereinafter “Collaborators”). In particular, the Directors are required to be inspired by these values ​​and rules of conduct when setting the objectives of the companies in the Group, when proposing investments and carrying out projects, as well as in any decision or action relating to the management of the companies.

Employees with managerial qualifications, in concretely implementing the management activity of the Group's companies, must be inspired by the same values ​​and rules of conduct both within the Group, thus strengthening cohesion and the spirit of mutual collaboration, and towards third parties who come into contact with the Group itself.

All Employees are required to comply, in carrying out their functions and responsibilities, with the principles and rules of conduct contained in the Code of Ethics, procedures, regulations and company policies.

All Employees are also required to demand compliance with the principles and rules contained in this Code of Ethics also by independent third-party Collaborators who, in any capacity, operate in the interest of the Group. They undertake to inform Collaborators of the content of this Code of Ethics and instruct them to comply with the rules contained therein.

The Group's Collaborators are required to adapt their behavior to the provisions of the Code, the procedures and the company regulations.

Compliance with Laws and Regulations
The Group companies recognize as an essential principle the respect of the laws and regulations in force in all the countries in which they operate. The Directors, Employees and Collaborators who in various capacities are involved in the Group's business activities are therefore required to carry out their activities in a context of maximum transparency and in absolute compliance with the laws and regulations in force in the place and at the time in which they operate. They therefore undertake to have the best possible knowledge of the applicable regulations relating to their activity and of the responsibilities arising from the violation of the same. In no case can the pursuit of the Group's interest justify an action that does not comply with the laws and regulations.

Integrity
Moral integrity is a constant duty of all those who work in the name and/or on behalf of the Group companies. All recipients of this Code of Ethics are required to pursue the objectives with honesty, fairness and responsibility and to maintain a conduct based on respect for the rules, laws and professional ethics.

Transparency and completeness of information
The Group companies promote transparency in communications, formal agreements and criteria that are the basis of the behaviors followed in order to allow autonomous and informed choices by the subjects involved. All recipients of this Code of Ethics are required to respect the principles of truthfulness, correctness, completeness, accuracy and transparency of information and to communicate the Group's image clearly and diligently in all its internal and external relationships.

Value of the person
The Group's companies promote respect for the physical, moral and cultural integrity of the person; they guarantee working conditions that respect individual dignity and safe working environments. All recipients of this Code of Ethics are called upon to promote listening and dialogue as levers for improvement and continuous stimulation for the search for proposed solutions not only in relationships with customers but also in relationships with their Collaborators and colleagues, respecting the professionalism and competence of each.

Equity and equal opportunities
The Group companies are committed to avoiding any discrimination in personal conduct and to respecting differences in gender, age, race, religion, political or union affiliation, language or disability. All recipients of this Code of Ethics are called upon to operate taking into account the specific circumstances; not engaging in discriminatory and opportunistic behavior but rather contributing to bringing out the potential of each individual.

Correctness
In conducting any business, situations must be avoided in which the parties involved in the transactions are, or may even appear to be, in conflict of interest.

Relations with control bodies
Relationships with control bodies are inspired by principles of transparency, completeness, truthfulness and correctness of information.
Information that, according to current legislation, must be communicated to the control bodies may not be omitted or distorted.

Confidentiality
Milor ensures the confidentiality of the information in its possession and refrains from seeking confidential data, except in the case of express and conscious authorization in accordance with the legal provisions in force. The Group's collaborators are required not to use confidential information for purposes not connected with the performance of their work duties.

Market freedom
Milor conforms its activity to the protection of the principles of competition and market freedom and, compatibly with the management autonomy of the individual subsidiaries, orients the Group's activity towards these principles.

Milor's Code of Ethics is addressed to all the companies of the Group, their Directors, Employees and Collaborators, regardless of the specific organizational production and/or commercial realities and explicitly states the rules of conduct which all recipients are required to comply with. Directors, Managers, Employees and Collaborators who have contractual relationships with the Group in any capacity are required to observe and ensure compliance with these principles within the scope of their functions and responsibilities, as well as to collaborate in the preparation of adequate procedures aimed at safeguarding the interests of the Group.

In compliance with the values ​​stated above, the Group recognizes human resources as an indispensable element for competing successfully on the market and for achieving corporate objectives, as well as the importance of establishing relationships with them based on loyalty and mutual trust.

The Group companies must ensure that the selection, classification and career path of company personnel, as well as the choice of Employees and Collaborators in various capacities, respond exclusively, without any discrimination, to objective considerations of the professional and personal characteristics necessary for the execution of the work to be performed and the abilities demonstrated in fulfilling the same. The Group companies must reject any discriminatory behavior implemented with regard to access to work, the attribution of qualifications and duties, career progression or the attribution of tasks.

Resource selection and management
In light of the above, company policies for the selection, remuneration and training of Employees and Collaborators must be based on criteria of professionalism, seriousness, competence and merit. In particular, the relevant functions must ensure that:

－ the resources acquired correspond to the profiles actually necessary for the company's needs, avoiding favoritism and facilitations of any kind in compliance with equal opportunities and without any discrimination on the private sphere and opinions of the candidates;
－ fair and consistent behavior is maintained among Employees and Collaborators, preventing abuse and discrimination based on sex, race, religion, political affiliation, trade union, language, age or different ability;
－ fair treatment and equal opportunities are guaranteed in the assignment of roles or duties, considering mobility between different job positions as an element to promote professional growth.

Professional development and training of resources
The companies of the Group undertake to contribute to the training and professional growth of their Employees and Collaborators by offering them, periodically, opportunities for mutual knowledge and information on their respective work experiences, as well as other training interventions, and this in order to promote growth and allow them to develop their professional competence within the Group.

For this reason, Managers and Function Managers are required to pay the utmost attention to enhancing and increasing the professionalism of their colleagues and Collaborators by creating the conditions for the development of their skills and the realization of their potential. In particular, the responsible functions must ensure that:

－ the conditions necessary to develop the skills, abilities and talent of each individual are maintained in compliance with the company's equal opportunities policies;
－ systems for evaluating behavior, skills, knowledge and potential are maintained according to criteria of transparency and meritocracy;
－ the possibility of expressing one's individuality at work is recognized, valorizing the diversity and specificity of each individual, as an essential contribution to the growth of the Group;
－ conditions are maintained that enable each person to best interpret their role by promoting the constant improvement of the level of competence and developing the ability to work in a team to contribute to the achievement of the company's objectives;
－ training that is also attentive to individual needs should be proposed, evaluated and developed in defining training paths.

Work environment
All Employees and Collaborators must be treated in strict compliance with the principles set forth in this Code of Ethics and within a climate that promotes maximum communication and cooperation, among themselves and with superiors and subordinates, with a view to a common and shared objective of growth and consolidation of the spirit of belonging to the Group. In particular, the Company's Top Management, Managers, Employees and Collaborators who operate in various capacities on behalf and/or in the name of the Group's companies must:

－ base your interpersonal and professional relationships on criteria and behaviors of correctness, loyalty and mutual respect;
－ promote and support respect for the personality of each colleague and Collaborator as a fundamental element for the development of a work environment permeated by mutual trust and the contribution of each individual;
－ commit to creating a working environment that guarantees, to all those who interact in any capacity with the companies of the Group, conditions that respect personal dignity and in which the characteristics of individuals cannot give rise to discrimination or conditioning;
－ aim to create a working environment that is always stimulating and rewarding and which therefore encourages the development of each individual's potential.

The most rigorous accounting transparency of each company of the Group is, at any time and under any circumstances, a priority requirement of the Group itself. The procurement and disbursement of financial resources, as well as their administration and control, must always comply with the approval and authorization procedures of the Group. Directors, Employees, Collaborators and all those who have relationships with the Group in any capacity must behave in a strictly correct, transparent and collaborative manner in compliance with the law and company procedures in all activities aimed at preparing the financial statements and other corporate communications. In particular, the following is mandatory: － everyone is required to strictly observe the established procedures and to provide maximum collaboration so that management facts are presented correctly and promptly in the company accounts; － each within the scope of their respective competences and functions, must adhere to the most rigorous principles of transparency, correctness and truthfulness in the preparation of documents and accounting data, as well as of any registration pertaining to the administration; － in the case of economic-patrimonial elements based on valuations, the related registration must be carried out by clearly illustrating, in the relevant documentation, the criteria that guided the determination of the value of the asset; － the documentation supporting each accounting operation must be adequate, truthful, clear and complete; it must be kept on file, in such a way as to allow at any time the control of the characteristics of the operation, the reasons, and the precise identification of who, in the various phases, authorised, carried out, recorded and verified the operation itself; the competences must be clearly defined and known within the organisation; － the related accounting record must clearly, completely and truthfully reflect what is described in the supporting documentation; － the supporting documentation must be easily accessible and archived according to appropriate criteria that allow easy consultation by both internal bodies and external bodies authorised to carry out controls.

Accuracy of financial flows
Any operation that may involve even the slightest possibility of the Company being involved in cases of receiving stolen goods, money laundering, or use of goods or money of illicit origin is strictly prohibited. Financial flows must be managed by ensuring complete traceability of operations, maintaining adequate documentation and always within the limits of the responsibilities assigned to each individual. To this end, it is necessary to comply with the following principles regarding documentation and record keeping:
－ all payments and other transfers made by or to the Company must be accurately and fully recorded in the Company's accounting systems;
－. all payments must be made only to the subjects and for the activities contractually formalized and/or approved by the Company.

The Company implements the necessary controls to verify the authenticity of cash collected and used in the context of company activities. Recipients are required to exercise the utmost diligence and attention in managing cash to ensure that counterfeit money is not collected or spent. The Company is committed to ensuring that the gold used for the production of its goldsmith articles does not come from geographical areas of the world involved in war conflicts generated by economic interests for the control of the extraction of precious metals. Furthermore, it confirms that it is committed to the responsible sourcing of gold.

To this end, we are committed to ensuring compliance with the Dodd Frank Act and to purchasing gold only from banks, metal banks or refiners that are on the LBMA Good Delivery List or that are certified by the RJC (Responsible Jewellery Council) organization.

In compliance with current legislation, the Group companies undertake to guarantee the protection of privacy with regard to information pertaining to the private sphere and opinions of each of their Employees and those who interact with the Group. Employees and Collaborators who act in the name or on behalf of the Group companies are required to process personal data in full compliance with current legislation on privacy protection, according to the directives given to them. In particular, they are required to:

－ acquire and process only the data necessary and directly connected to their functions;
－ respect the confidential and proprietary nature of the information;
－ acquire and process data for specific, explicit and legitimate purposes;
－ acquire and process data that are relevant, accurate, complete and not excessive in relation to the purposes for which they were collected and subsequently processed, ensuring that they are updated as required;
－ store such data in such a way as to prevent third parties from gaining knowledge of it;
－ communicate and disclose data only within the scope of established procedures or with the prior authorization of the designated managers;
－ store the data in a form which permits identification of the interested party for a period of time not exceeding that necessary for the purposes for which they were collected and subsequently processed.

Management, Employees or Collaborators in charge of processing personal data must adopt all appropriate measures to avoid the risks of destruction or loss, even accidental, of the aforementioned data, of unauthorized access to the same or of processing that is not permitted or not compliant with the purposes of collection; these measures are identified and periodically updated within the Group companies.

The Group's companies aim to maintain the highest levels of hygiene and safety and to guarantee the necessary prevention measures against accidents and illnesses in the workplace. Everyone must contribute to maintaining a healthy and safe working environment and guarantee the safety of their colleagues and Collaborators of various kinds.

Each corporate function must do everything possible to always have full knowledge, for the sector of its responsibility, of the rights and obligations of the Group arising from laws, contracts or relationships with the Public Administration and must not engage in any behavior that could harm, in any way, the interests of the Group.

All Employees and Collaborators who operate on behalf of or in the name of the Group's companies are strictly prohibited from revealing to third parties information not known to the public regarding projects, acquisitions, mergers, commercial strategies and, more generally, information regarding the Group's companies of which they have become aware or whose disclosure could, in any case, be detrimental to the interests of the Group itself.

Each individual has the responsibility to safeguard, conserve and defend the Group's assets and resources entrusted to him/her in the context of his/her activity and has the obligation to use them in a proper and compliant manner, preventing any improper use.

In order to protect the integrity of the company's assets, it is specifically prohibited, outside of cases permitted by law, to:

－ return contributions in any form or release members from the obligation to make them;
－ distribute profits not actually earned or allocated by law to reserves, or to reserves not distributable by law, purchase or subscribe to shares or
company shares;
－ carry out reductions in share capital, mergers or demergers in violation of the rules established to protect creditors; fictitiously sign or increase the share capital; satisfy, in the event of liquidation, the claims of the members to the detriment of the company's creditors.

This context includes all those relationships, pertaining to the activity of the Group's companies, held with public officials or with public service representatives who operate on behalf of the Public Administration or national and foreign legislative bodies, community institutions, public organisations of any foreign State.

Relations with governments and public institutions are reserved for corporate functions authorized to establish and manage such relations on the basis of the provisions of the service orders and procedures in force at the time. Such relations must be undertaken and managed in absolute and rigorous compliance with the laws and regulations in force, the rules and principles established in the Code of Ethics and the internal procedures of reference.

Attention and care must be paid to relationships with the above-mentioned subjects, in particular in the areas relating to: tenders, contracts, authorisations, licences, concessions, requests and/or management and use of funding of any kind from public sources (national or EU), management of orders, relationships with supervisory authorities or other independent authorities, social security bodies, tax collection bodies, civil, criminal or administrative proceedings. Attention and care must also be paid to those sectors which, although they do not imply direct relationships aimed at concluding business with the Public Administration, are considered to support business activities such as the management of financial flows and the management and security of IT data.

The above-mentioned operations and the related management of financial resources must be undertaken in due compliance with the laws, the principles of the Code of Ethics and in full observance of internal procedures. In particular, it is expressly forbidden to:

－ accept, give or promise, either directly or indirectly or through an intermediary, money, gifts, goods, services, benefits or favours to public officials - or to persons related to them by kinship or affinity - in order to promote and favour their own interests or the interests of the Group's companies, or even to compensate or repay for an act of their office, or to achieve the execution of an act
contrary to the duties of their office;
－ receiving, offering or promising gifts or other forms of presents to public officials or to persons related to them by kinship or affinity – when such gifts, in consideration of their value, exceed normal commercial and courtesy practices or in any case are positioned outside of what is foreseen
from internal company protocols;
－ hire personnel, assign agency, consultancy or other types of assignments, in the event that the hiring or assignment is – or may appear to be – aimed at an exchange of favours with subjects belonging, or previously belonging, to the Public Administration
Administration;
recognize compensation in favor of external Collaborators that are not adequately justified by the type of task to be carried out and by the practices in force at a local level;
－ submitting untrue statements or other documentation to public bodies in order to influence the independence of judgment;
－ submit untrue declarations or other documentation to national or community public bodies in order to obtain public grants, contributions or subsidized financing;
－ allocate sums received from national or community public bodies as grants, contributions or financing for purposes other than those for which they were intended;
－ alter the functioning of a computer or telematic system or manipulate the data contained therein in order to obtain an unfair profit by causing damage to the Public Administration.

In relations with the Public Administration it is necessary to always operate in compliance with the law, with the express prohibition of engaging in behaviors that, in order to bring advantages to the Group, are such as to constitute criminal offenses.

Supplier Relations
The Directors, Employees and Collaborators of the Group companies are required to ensure equal opportunities in the selection of Suppliers, taking into account their compatibility and suitability to the size and needs of the Group. In particular, the functions responsible for selecting independent third parties such as consultants, agents, suppliers of goods, merchandise and services must ensure that:

－ are selected on the basis of objective evaluations and parameters (such as quality, convenience, price, capacity and efficiency, etc.) aimed at protecting the commercial and industrial interests of the Group and, in any case, at creating greater value for the same;
－ are selected according to criteria of reliability and integrity, also in light of the need to respect the reference values, the rules of conduct contained in the Code of Ethics and internal procedures, using the written form and in compliance with the hierarchical structure of the Group;
－ the Group's policies are communicated to them and specific contractual clauses are provided for regarding compliance with this Code of Ethics.
The responsible functions must also ensure that continuous awareness and involvement of Suppliers is guaranteed in a proactive role and a responsible attitude, particularly with regard to transparency, communication, compliance with laws and regulations, and which promotes awareness of the risks and social and ethical opportunities arising from their activities.

Customer Relations
In their relations with Customers, whether public or private, the Directors, Employees and Collaborators of the Group's companies are required to:

－ develop and maintain favorable and long-lasting relationships with them, based on maximum efficiency, collaboration and courtesy;
－ operate within the framework of current legislation and require its strict compliance;
－ ensure that the declarations and attestations made to them are accurate and truthful;
－ comply with commitments and obligations undertaken towards them;
－ provide accurate, complete, truthful and timely information to enable the Customer to make informed decisions.

In business relationships with Suppliers and Customers, company policies must be respected, basing relationships on maximum correctness, especially in the management and conclusion of contracts, avoiding conflicts of interest, even potential ones.

Without prejudice to the provisions of the paragraph “Relations with the Public Administration”, in business relations with Suppliers and Customers, gifts, presents, acts of courtesy or hospitality are prohibited (both directly and indirectly) unless they are of such a nature that they do not compromise the image of the Group and cannot be interpreted as being aimed at obtaining preferential treatment that is not determined by legitimate market rules. In any case, any gifts, acts of courtesy and hospitality that do not fall within normal customs must be adequately documented and communicated to the person in charge so that he or she can assess their appropriateness. An Employee or Collaborator who receives gifts or preferential treatment from Suppliers or Customers that go beyond ordinary courtesy must immediately notify his or her hierarchical superior; after appropriate checks with the relevant management, the companies will, through the relevant functions, inform the person making the gift, present, etc. of the Group's policy on the matter.

The companies of the Group are committed to ensuring maximum competitiveness on the market and, therefore, their commercial policy must be based on compliance with the regulations governing competition, both on the national market and at an international level.

All recipients of this Code of Ethics must always keep themselves updated on the legislation in force and consult their hierarchical superior before entering into any agreement or understanding that could have effects of presumed unfair competition.

The Company's Top Management, Employees and Collaborators who act in the name and on behalf of the Group's companies are required to operate in order to avoid situations in conflict with the interests of the Group itself. By way of example but not limited to, the following constitute conflicts of interest:

－ the exploitation of one's functional position to achieve interests that conflict with company colleagues;
－ the use of information acquired in the performance of work activities for one's own benefit or that of third parties and in any case in conflict with the interests of the Group;
－ the participation – overt or covert – of the Employee in the activities of Suppliers, Customers, competitors;
－ carrying out work activities of any kind for Customers, Suppliers, competitors and/or third parties, in conflict with the interests of the Group. In particular, for Employees, the acceptance of any professional assignment offered by third parties must be previously assessed with the hierarchical superior and with the Human Resources Director of Milor SpA in order to assess the absence of any incompatibility or prejudicial situations.

Everyone has the duty to promptly report to the competent management any situation that may be considered, even potentially, prejudicial to the rights and interests of the Group so that the same management can proceed, equally promptly, with the necessary protective actions.

Relations with Bodies responsible for legally assigned control or auditing activities, and relations with auditing firms, must be characterised by maximum correctness, transparency and collaboration, in full compliance with the laws and regulations in force.

In particular, auditors, both internal and external, must have free access to data, documents and information necessary for the performance of their activities. It is expressly forbidden to impede or hinder the performance of the control or audit activity legally attributed to the partners, other corporate bodies or the auditing firm.

The same obligations extend to relations with the Supervisory Body which, within the scope of the responsibilities provided for by the respective Organization and Management Models voluntarily prepared by the Group companies pursuant to Legislative Decree no. 231 of 8 June 2001 “Regulation of the administrative liability of legal persons, companies and associations including those without legal liability, pursuant to art. 11 of Law no. 300 of 29 September 2000”, has the task of monitoring compliance with existing preventive and control systems, as well as their actual adequacy, in particular in those areas in which the crime risks possibly connected to the activities carried out are identified (Ref. Code of Ethics and Organizational Models pursuant to Legislative Decree 231/2001).

Within the internal control systems of the Group companies, this Code of Ethics constitutes an integral part of the Organization and Management Models pursuant to Legislative Decree no. 231/2001 voluntarily adopted by them. In compliance with their full autonomy and their respective commercial and/or production specificities, the Group companies that adopt Organization and Management Models in compliance with the principles expressed by Legislative Decree 231/2001 and subsequent amendments and/or additions, are required to carry out risk assessment activities in order to identify the areas in which crimes may be committed and to establish prevention and control systems based on the provisions of the same decree.

The Group companies appoint their own Supervisory Body (OdV) with independent powers of initiative and control with the task of:

－ monitor the functioning and observance of the Code of Ethics and company procedures, in particular in those areas where the risks of crime pursuant to Legislative Decree 231/2001 are identified, possibly connected to the activities carried out - to this end, he is free to access all sources of company information, to view documents and consult data;
－ welcome and/or report any violations of the Code of Ethics;
－ propose any updates to the Code of Ethics and internal protocols in order to adapt them to the laws;
－ verify, control and evaluate cases of violation of the rules established by the Code of Ethics and report them to the relevant functions for the purpose of applying appropriate disciplinary measures in compliance with the laws, regulations and CCNL.

The Group companies are required to establish adequate communication channels through which all those who become aware of any behavior, within the Group companies, contrary to the principles and rules of conduct expressed in this Code can report, freely, directly and confidentially to their hierarchical superior and to the Supervisory Body if appointed.

The information acquired by the Supervisory Body and the designated functions, for the purposes of the necessary investigations, must be treated in such a way as to guarantee:
－ the confidentiality and anonymity of the whistleblower,
－ the protection of the whistleblower against any form of retaliation, penalization, discrimination, without prejudice to legal obligations and the protection of the rights of the Group companies or of the persons accused wrongly and/or in bad faith.

Compliance with the principles and rules of the Code of Ethics must be considered an essential part of the contractual obligations of Employees. Violations of the provisions of the Code of Ethics may constitute a breach of the principal obligations of the employment relationship or a disciplinary offence, with all legal consequences, including with regard to the maintenance of the employment relationship, and may result in compensation for damages arising therefrom.

Compliance with the Code of Ethics must be considered an essential part of the contractual obligations undertaken by non-subordinate Collaborators and/or persons having business relations with the Group. Violation of the provisions of the Code of Ethics may constitute a breach of contractual obligations, with all legal consequences, including with regard to termination of the contract and/or assignment, and may lead to compensation for damages arising therefrom. For violations by members of the Board of Directors and Auditors, all the provisions of the law apply, with the resulting remedies and sanctions.

The Group companies undertake to provide for and impose, with coherence, impartiality and uniformity, sanctions proportionate to the respective violations of the Code and compliant with the current provisions on the regulation of employment relationships.