Privacy Policy

1. INTRODUCTION

At DO & CO im Haas Haus Restaurantbetriebs GmbH, located at Stephansplatz 12, 1010 Vienna, with contact numbers +43 1 535-3969 or +43 1 24188 and email address stephansplatz@doco.com ("DO & CO", "we"), safeguarding your personal data is a top priority. Below, you will learn about the types of information we gather, process, and utilize when you visit and use our website, www.docohotel.com ("website").

Please note that we may periodically update this privacy notice to reflect changes and advancements in the Internet. We encourage you to review this page frequently to ensure you are familiar with the latest version.

2. WHAT ARE PERSONAL DATA?

Personal data refers to information that can identify an individual. This includes details such as your name, email address, and IP address.

3. WHAT PERSONAL DATA DO WE COLLECT FROM YOU AND FOR WHAT?

3.1. Website Access Logging

When you access our website, we record details of your visit (date, time, page accessed, IP address) in log files on our server. We undertake this action to ensure the technical functionality of our website, enhance our information offerings, and protect against cyber attacks. These data are analyzed anonymously solely for our internal statistical purposes. The log files are retained for three months before being deleted.

3.2. Contacting Us

When you reach out to us via email, telephone, or mail, we store the personal data you provide voluntarily (title, name, company, email, phone number) along with the content of your inquiry (including event bookings and restaurant reservations). This information is kept for processing your request and any follow-up questions, under pre-contractual measures or our legitimate interest. We may share this data with other companies within our group as necessary to respond to your request. Rest assured, we will not share your data with any third parties without your explicit consent.

3.3. Room Bookings and Orders via the Website

To fulfill our contractual obligations, we process the information you provide during hotel bookings (salutation, title, name, company, email, phone number, address, fax) and details about your booked room, special requests, comments on your booking, and credit card information (card provider, cardholder name, last four digits of the card number). Additionally, order details for goods ordered via email or phone are processed. This data is essential for contract execution or pre-contractual measures; without it, we cannot finalize the contract with you. Data is only shared with third parties in specific instances, such as transferring booking-related personal data to DO & CO Aktiengesellschaft’s accounting department for group oversight and to our tax advisor for compliance with tax obligations.

3.4. Table Reservations and Regular Customer List

You can make a table reservation online through our platform. When booking, we collect your contact details along with specific reservation details such as the date, time, and number of guests. In certain circumstances, such as on specific days or times, we may require a credit card number to guarantee the reservation. This credit card number is sent to a payment service provider for verification purposes and is not stored by us. If a reservation is not honored (a "no-show"), the payment service provider is authorized to charge a predetermined fee for loss of revenue from the provided credit card.

This data processing complies with Art. 6 (1) b of the GDPR and is kept only as long as necessary to serve its purpose. To enhance our service continually, we also record any special requests made during your reservation or visit and store them in our regular customer database. This information is processed based on a balance of interests as outlined in Art. 6 (1) f GDPR and is retained for five years following your last visit.

When making a reservation, you have the option to subscribe to our newsletter. This subscription is voluntary and can be canceled at any time by clicking the unsubscribe link in the newsletter or by emailing an unsubscribe request to privacy@doco.com. In addition to requiring your email address to send the newsletter, we also monitor the reading behavior (date/time of opening, clicks within the newsletter) to optimize our content. This is processed under Art. 6 (1) a GDPR and the data is retained until you withdraw consent, although we may remove it sooner if no longer needed.

Data related to online table reservations is shared with technical service providers who assist us but are prohibited from using the data for their purposes. As data processors, they adhere to the stringent requirements of the General Data Protection Regulation. Data transferred for processing in the USA is subject to the EU-US Data Privacy Framework (DPF), certified by the EU Commission as providing an adequate level of data protection, thus complying with Art. 45 GDPR, meaning no additional legal basis is needed for data transfers to the USA.

3.5. YouTube videos

This website incorporates videos hosted on YouTube, a service provided by Google LLC, located at 1600 Amphitheater Parkway, Mountain View, California 94043, USA. When you watch YouTube videos on our site, certain information about your activity is sent to Google in the USA. If you visit a page with YouTube videos, your browser connects directly to Google’s servers. The videos are then streamed from Google to your browser and displayed on our website.

We do not control the scope of data that Google collects through this interaction. Based on our understanding, the data collected by Google includes at least the following:

• Date and time of your visit to the site,
• Internet address or URL of the accessed website,
• Your IP address,
• Details of the video you watched and the playback quality settings.

We do not have control over how Google processes or uses this data and thus cannot take responsibility for these actions. For information regarding the purpose and extent of data collection, how Google processes and uses your data, along with your rights and privacy settings, please refer to Google’s privacy policy available at Google's Privacy Policy.

Google LLC adheres to the EU-US Data Privacy Framework (DPF), which the European Commission recognizes as providing adequate protection for personal data. Consequently, under Art. 45 of the GDPR, no additional legal basis is required for transferring data to the USA.

3.6. Data transfer to third parties and service providers

We may share your personal data with external agents or service providers as necessary. We have established data processing agreements with these providers to ensure they use the data only for designated purposes and comply with strict European data protection standards. Here are the categories of service providers with whom we might share your data:

• IT service providers, as well as those offering data hosting, processing, or similar services.
• Other service providers, tool providers, and software solutions that assist us in delivering our services and act on our behalf.
• Service providers offering tourist activities (e.g., sightseeing tours) or transportation, if you choose to use these services and we arrange them on your behalf.
• Other DO & CO group companies and affiliates for contract fulfillment and legal obligations.
• Third parties involved in fulfilling our obligations to you, such as payment processors, banks, suppliers for event supplies, and courier services.
• External third parties as needed, such as auditors, insurance companies in case of a claim, legal representatives, etc.
• Authorities and public bodies as required by law, like tax authorities.
• Google Ireland Limited for providing video services, website analytics, and measuring online marketing campaigns, but only after obtaining your consent. You can withdraw your consent anytime via cookie settings.

4. COOKIES AND GOOGLE ANALYTICS

This website utilizes software to analyze user engagement, helping us understand visitor needs and enhance our service quality. In this process, we use cookies—data stored in your browser that allow us to recognize visitors anonymously. You can manage cookies through your browser settings, including rejecting or deleting them. This also applies to local and session storage.

Essential cookies necessary for website operation are set based on our legitimate interest in maintaining a safe and efficient site, without transferring information to third parties for their own use. Analytical and profiling cookies are employed only with your explicit consent. Without your consent, we only use cookies that are essential for the website's functionality.

With your consent, we utilize various services from Google Ireland Ltd., which may involve transferring your data to the USA for further processing. It's important to note that the USA may not offer the same level of data protection as the EU, and US entities can be compelled to disclose data to governmental or security authorities. However, Google adheres to the EU-US Data Privacy Framework (DPF), which the EU Commission recognizes as providing adequate data protection, thus no additional legal basis is required for data transfers under Art. 45 GDPR.

We use Google Analytics for error analysis and statistics, Google Tag Manager to integrate other Google services, Google DoubleClick for advertising, and Google Adwords for tracking ad conversions. Google may use the collected information for its own purposes as well. You can find more detailed information and manage your consent settings via Google's partner site policies.

You also have the option to revoke your consent to the use of Google services at any time in the future using the cookie settings.

5. STORAGE DURATION

We retain your personal data only as long as necessary to fulfill our obligations to you. For compliance with legal requirements related to reporting, taxes, and corporate record-keeping, we typically store your data associated with hotel bookings, event bookings, and restaurant visits for seven years after the contract's completion. Additionally, we keep data from inquiries for six months after responding to facilitate follow-up questions. This retention is driven by our legitimate interest in providing efficient customer support and enhancing our corporate reputation, with no prevailing interests on your part that would necessitate a different approach.

6. YOUR RIGHTS

You have the right to access information about the personal data we store concerning you at any time. Under certain conditions, you may request that your data be corrected or deleted. You also have the right to restrict the processing of your data and to have the data you provided transferred in a structured, commonly used, and machine-readable format to another controller.

Additionally, you have the right to object to the processing of your data, especially if it is used for direct marketing purposes. If we process your data based on legitimate interests, you may object to this processing at any time if your specific situation provides grounds for doing so.

Should you have any concerns or wish to exercise these rights, you can always reach out to us at the following contact details:

DO & CO im Haas Haus Restaurantbetriebs GmbH

Address: Stephansplatz 12, 1010 Vienna

Phone:  +43 1 535-3969 or +43 1 24188

Email: stephansplatz@doco.com or privacy@doco.com

For direct communication with our data protection officer, please email privacy@doco.com.

To ensure your request is processed efficiently and to safeguard your personal data from unauthorized disclosure, please clearly identify yourself and provide a brief description of your request when exercising your rights. You also have the option to lodge a complaint with a data protection supervisory authority if you believe there is an issue with how we are handling your data.