Privacy Policy


When you visit our websites, information about the access (date, time, page viewed, IP address) is stored as logfiles on our server. We do this out of the legitimate interest of monitoring technical operation, optimising our range of information and detecting attacks on our website. These data are evaluated by us exclusively for our own statistical purposes, in anonymized form.

The processing takes place on behalf of DO & CO Aktiengesellschaft, Stephansplatz 12, 1010 Vienna, Tel: +43 1 74 000-1001 Fax: +43 1 74 000-1009, E-Mail: headoffice@doco.com, (“DO & CO”, “we”).

The log files are deleted after three months.

In common, no personal data is collected by us when you use our website.

If you contact us by e-mail, the data of your request provided by you (name, contact details, content of the request) will only be processed for individual correspondence to answer for the purpose of customer service on the basis of a pre-contractual measure. Your data will be deleted 6 months after your last request unless there are legal obligations to store the data.

We guarantee that your data will be used exclusively by us, will not be passed on and will be treated confidentially in accordance with the applicable legal provisions. An exception is the transfer to data processors who work exclusively on the instructions of DO & CO, do not use the data for their own purposes and are bound by specific contracts to the data protection obligations of the General Data Protection Regulation.

Your rights

You have the right to access, rectification and erasure of your data, the right to restriction of processing, to object to processing, as well as the right to lodge a complaint with a supervisory authority.

If you have any questions about data protection and how to exercise your rights, please contact our data protection officer: privacy@doco.com.

Google services integration

With your consent, our website uses the following services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-at@google.com (“Google”), which in turn transmits your data to the USA for further processing. We would like to point out that the USA has a lower level of data protection than the EU and that US companies are obliged to hand over data to courts, law enforcement authorities, supervisory authorities or security bodies.

As part of your consent, you have the option of selecting and deselecting the individual services.

We use Google Analytics for error analysis and statistical evaluations and the Google Tag Manager for the integration of other Google services. In addition, with your consent, we integrate YouTube videos, which are also provided by Google.

Google also uses the collected information for its own purposes. For more information, see https://policies.google.com/technologies/partner-sites

Click HERE to withdraw consent to use Google services for future effect.

Processing of job applications

DO & CO operates various websites for job offers and online applications. If you apply for a job, the data you provide will be processed for the purpose of selecting applicants and preparing statistical evaluations. The legal basis for this processing is Art. 6 (1) b GDPR (steps prior to entering a contract). Please note that additional information may be requested for some employment relationships, particularly in security areas (e.g. at the airport).

Should an employment relationship come about, DO & CO, as your employer, will store your data for the duration of the employment and will delete it after your employment has ended after the statutory storage obligations have expired.

If no employment relationship is established, the data will be stored for seven months after completion of the application process and then anonymized so that no personal reference can be made. Longer storage will only take place if you have given us separate consent for this.

Your data will be passed on within the DO & CO group of companies to those who offer the advertised position or to other parts of the group of companies who offer similar positions. Generally, any other forwarding to third parties does not take place. Excluded from this is the transfer to technical service providers (data processors) who support DO & CO in the management of applicant data, but are not allowed to use the data for their own purposes and are bound by their own agreements to the strict provisions of the General Data Protection Regulation.

Should it be necessary to transfer data to countries outside the European Union in order to achieve the processing purpose, DO & CO guarantees an appropriate level of data protection by concluding additional agreements permitted under Art. 46 GDPR or taking into account corresponding guarantees.

Data Protection Information for Whistleblowers

In accordance with § 3 (1) of the Whistleblower Protection Act (HSchG), DO & CO is obligated to operate a whistleblower portal.

As an employee of DO & CO, applicant, independent contractor, member of administrative, managerial, and supervisory bodies, or as an employee of suppliers and subcontractors, you have the opportunity to report legal violations observed within the company via the Whistleblowing Portal.

The IP address and technical telemetry data of your device’s browser are anonymized immediately after transmission and thus no longer contain any personal reference.
You have the option to report anonymously. In this case, no personal data will be processed.

Should you decide to report confidentially, your name and optional phone number and email address will be stored and reported to the internal reporting office, which will handle your case confidentially and will not share your data within the company.

You have the option to report orally by recording an audio file, which will be uploaded to our servers. You can activate voice distortion to ensure the highest level of anonymity.
You also have the option to upload documents relevant to the case. These documents may contain personal data.

Data on received reports are retained for five years from the date of the last data transmission, unless a longer retention period is required due to the initiation of investigative procedures.
Information may be shared with legal advisors contracted by us, who are bound by professional confidentiality, as well as with authorities for investigation and initiation of proceedings. Information is also shared with technical service providers who support us in providing the whistleblower system. These providers are prohibited from using the data for their own purposes and are bound by additional agreements to comply with the strict provisions of the General Data Protection Regulation (GDPR) and associated high security standards. No data is transferred to countries outside the European Union or to international organizations.

For the processing of reports in accordance with the Whistleblower Protection Act, the otherwise existing data subject rights are legally restricted. This particularly affects the right of access, the right to rectification, the right to erasure, the right to information, the right to restriction of processing, the right to object, and the right to be notified of a personal data breach.
To exercise your rights and for other questions regarding data protection, please contact our Data Protection Officer at: privacy@doco.com.