Christian Dior : Shareholders Personal Data Protection Policy

• directly from You in the course of Your correspondence with the Stock Exchange Law Department of the DIOR Legal Department;
• automatically when You access or use the DIOR website (hereinafter « Website ») (technical details, IP address, browsing information, etc.);
• from third parties outside DIOR for the purposes of managing

1. your status as a registered shareholder and, if applicable, your status as a bearer

shareholder ;

1. your shares and transaction history;

1. your participation in the Annual General Meeting of shareholders.

3.2 What Data do We collect?

DIOR collects several types of Personal Data about You:

• Identification and contact information: e.g., last name, first name, postal address;
• Data related to your status as a registered shareholder: number of shares and transaction history, and, if applicable, your status as a bearer shareholder;
• Data related to your participation in the Annual General Meeting of shareholders: registration, proxy, voting order, remote monitoring registration whether you are a registered or bearer shareholder.

We collect technical information about the device that You use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages and the link that enabled You to access our Website).

3.3 On what legal grounds and for which purposes do We use the Data that We collect?

In accordance with current personal data protection regulations, We only collect Personal Data when We have a legal basis to do so.

Your Personal Data is processed on the basis of Your consent in order to correspond with You in case of a message received via the contact form of the Website.

Your Personal Data is processed on the basis of Our legitimate interest and on the basis of compliance with legal, tax and statutory requirements in order to:

• ensure the proper conduct of the Annual General Meeting of shareholders;
• ensure the security of the Annual General Meeting of shareholders;
• manage the DIOR shareholder database;
• ensure the defence of our interests in the event of litigation or legal action;

We may also store your Personal Data when the law requires Us to do so or to defend our legal rights.

3.4 Who has access to your Data?

3.4.1. Accessibility within DIOR

Your Data is processed by DIOR for the purposes described above and are only accessible to DIOR personnel who need to know it to perform their duties.

In this respect, your Personal Data is processed by the following departments of DIOR:

• Legal Department for the management of responses to your requests and the monitoring of DIOR shareholdings;
• Financial Communication Department for managing responses to your requests;
• General Services Department for the management of security for the Annual General Meeting of shareholders;
• DIOR's Security Department to manage cybersecurity of the Website.

3.4.2. Accessibility by third parties

Certain third parties may have access to your Data, specifically:

• our archiving subcontractor;
• our subcontractors carrying out the capture and storage of remote surveillance recordings at the Annual General Meeting of shareholders;
• any authority, court or other third party where such disclosure is required by law, regulation or court order, or where such disclosure is necessary for the protection and defence of Our rights.

3.5 Is any Personal Data transferred outside of the European Economic Area?

Your Data is processed in France by DIOR

owever, We may rely on certain service providers, which are located abroad or which themselves rely on processors located abroad, including outside of the European Economic Area (EEA) in countries where personal data protection laws differ from those that apply in the EEA.

Any transfer of Your Data outside the EEA will be subject to appropriate safeguards that comply with applicable data protection regulations. We will provide You with a copy of the applicable safeguards upon request.

3.6 How long do We store your Data?

Data is stored as long as required for the purpose for which it was collected as described at section 3.3 of this Policy and, in any case, will be deleted at the end of such period.

Please see the table below for additional details about these periods.

• In the event of an incident during the General Assembly, the registration data may be communicated to the police and/or competent authorities and thus retained for the duration of the proceedings.

4. What are your rights in relation to your Data ?

4.1 Access, rectification and portability

In accordance with current regulations, You have the right to access your Data. You may also request correction of Your Personal Data should they be inaccurate. Depending on the purpose of processing, You also have the right to have incomplete Personal Data completed.

To respond to your request, We may ask You to provide Us with a proof of your identity. We may also need to ask You for additional information or supporting documents. We will make every effort to respond to your request as soon as possible.

You may, to the extent provided for by law, exercise your right to Data portability which allows You to retrieve, in an interoperable format, the Personal Data that You provided to Us.

4.2 Right to erasure of your Data and to limitation of the processing of your DataYou may request erasure of your Personal Data if:

• You believe that our processing of your Personal Data is no longer needed for the purposes described in this Privacy Policy ;
• You believe that the processing is unlawful or You contest the accuracy of the Data We process about You ;
• You are not anymore a DIOR's shareholder;
• You withdrew your consent to the processing of your Data.

Alternatively, to the extent provided for by law, You may request limitation of the processing of your Data.

Please note that despite the exercise of your right to erasure or processing limitation, We will store some of Your Personal Data when the law requires Us to do so, or to exercise or defend our rights.

4.3 Right to establish instructions for the management of your Personal Data after your death

For France and when mandatory local provisions so provide, You may determine how You want Us to handle your Personal Data upon your death.

4.4 Procedure to exercise your Data protection right

You may exercise your rights in relation to your Data by using the following contact form : https:// www.dior-finance.com/en/cms/1-contactand specifying "Personal data" in the subject of the form

5. How is your Personal Data secured?

DIOR uses technical and organizational measures that comply with French and EU legal and regulatory requirements, to keep your Data secure and confidential.

Under written agreements, DIOR requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under personal data protection laws.

However, DIOR does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.

6. Cookies

We use strictly technical cookies to ensure the proper functioning of the Website and anonymous cookies for statistical analysis purposes.

The audience measurement services are necessary for the functioning of the Website and for its proper administration. You will find all the elements relating to the confidentiality policy

for these cookies at the following address:https://support.google.com/analytics/answer/6004245.

7. Third party websites

There may be links to third-party websites (such as DIOR Group affiliates' websites) that We do not control, and which are governed by their own confidentiality and personal data protection policies. This Privacy Policy does not apply to third-party websites. Please review the confidentiality and personal data protection policies of the third-party websites that You visit to understand how they process your Data. DIOR shall not be liable for any use of your Data by any third parties.

8. How can You contact Us if You have queries or complaints?

For any questions concerning this Privacy Policy or for any queries or complaints regarding your Personal Data, You may contact Us by using the following contact form : https:// www.dior-finance.com/en/cms/1-contactand specifying "Personal data" in the subject of the form

If You have a complaint about the way We process your Data, You also have the right to contact the Commission Nationale de l'Informatique et des Libertés (French data protection authority, CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, Tel: 01 53 73 22 22, www.cnil.fr.