Data protection information
Data controller within the meaning of the General Data Protection Regulation (GDPR):
DO & CO Aktiengesellschaft, Stephansplatz 12, 1010 Vienna together with DO & CO Albertina GmbH, Dampfmühlgasse 5, 1110 Vienna (“DO & CO”)
You have the right to access your personal data, for correction and deletion of data, the right to restrict processing and to object to processing. You also have the right to lodge a complaint with a supervisory authority.
If you have any questions about data protection at DO & CO, please contact our data protection officer at privacy@doco.com
Below we will inform you about the processing of data from guests and visitors in our restaurant.
Video surveillance in the checkout area
There is video surveillance with recordings in the checkout area of our restaurant as a preventative protection against and to solve crimes, but this does not include any technical identification of people.
The processing takes place in the legitimate interest of protecting property.
The data is generally stored for a period of 48 hours, or, if necessary, for the duration of the process.
In order to carry out the procedure, data may be sent to the responsible authority or court (to preserve evidence in criminal law matters), to security authorities (for security police purposes), to courts (to preserve evidence in civil law matters), to employees, witnesses and victims ( as part of the enforcement of claims), insurance companies (exclusively for the processing of insurance cases), lawyers, authorities and other bodies for the purpose of legal enforcement.
It is also possible to pass it on to processors who work exclusively on the instructions of DO & CO, who do not use the data for their own purposes and who are bound by their own agreements to the data protection obligations of the General Data Protection Regulation.
A transfer to recipients in a third country (outside the EU) or to an international organization is not intended. There is no automated decision-making (profiling).
Table reservations and regular customer list
You can reserve a table online. Your contact details as well as the reservation details (date, time, number of people) are recorded.
In some cases, for example on certain days or times, we reserve the right to only carry out the reservation if the reservation is guaranteed by providing a credit card number. The credit card number recorded during the booking will be forwarded to a payment service provider for verification and will not be stored by us. In the event of a reservation not being made („no-show“), the payment service provider will deduct a previously agreed cost reimbursement or loss of sales from the credit card.
This processing takes place in accordance with Art. 6 (1) b GDPR. The data is stored for as long as it is necessary for the intended purpose.
In order to continually improve our service, we record special requests that you make during the reservation or during your visit to our restaurant in our regular customer file. This data is processed in accordance with Art. 6 (1) f GDPR after a balancing of interests has been prepared for a period of five years after your last visit.
While entering your reservation details, you also have the option to sign up for our newsletter. This registration is voluntary and can be revoked at any time. To revoke your consent, click on the unsubscribe link contained in every newsletter mailing or send an e-mail with your unsubscribe request to privacy@doco.com. In addition to the email address required to send the newsletter, the reading behavior of the newsletter (date/time of opening, click on individual areas) is also processed for the purpose of optimizing the content. This processing takes place in accordance with Art. 6 (1) a GDPR. The data will be stored until revoked. However, we reserve the right to delete the data earlier if it is no longer needed for our purposes.
Data is passed on to technical service providers who support us in providing online table reservations. However, these service providers are not allowed to use the data for their own purposes and, as data processors, are bound to the strict provisions of the General Data Protection Regulation. When the data is processed, it is transferred to the USA. In general, there is a lower level of data protection in the USA than in the European Union. However, the service providers we select have agreed to the terms of the EU-US Data Privacy Framework (DPF). The participants in this agreement are certified by the EU Commission to have an adequate level of data protection. Therefore, according to Art. 45 GDPR, no additional legal basis is required for the transfer of data to the USA.