Privacy and cookie notice


This website is operated by Coca‑Cola HBC Austria GmbH, Clemens-Holzmeister-Straße 6, 1100 Wien, a member of the Coca‑Cola HBC group of companies. CCHBCA is controller with regard to the General Data Protection Regulation (GDPR).

Coca‑Cola HBC is committed to preserving the privacy of all visitors to and to protecting any personal data that you may provide to us.

We provide this Privacy and Cookie Notice to help you to understand what we do with any personal data that we obtain from you

This Privacy Policy and Cookie notice covers the following areas:

  1. What is personal data
  2. Personal data that we collect from you and use of data collected
  3. Cookie Policy
  4. Disclosures. Who are the recipients of your personal data?
  5. Are your personal data transferred to other EU countries?
  6. How we protect your personal data?
  7. Contacting us and your rights to access and update your personal data
  8. How changes to this Privacy Policy and the Cookies Policy will be made

1. What is personal data?

Personal data is information about an identifiable individual, as defined by applicable law, such as name, email address and telephone number.

2. Personal data that we collect from you and use of data collected

In general, you can visit this website without telling us who you are or revealing any information about yourself. Our web servers collect the source IP addresses, for IT reasons, enabling you to connect to our platform providing you with our services. In addition, there are parts of this website where we need to collect personal data from you for a specific purpose, such as to provide you with certain information you request and where requested to register you to our website.

This Privacy Policy aims as well to inform our business partners about the processing of personal data.

In the following you will find our various data processing operations, the processing purposes and the respective legal basis for the processing, subdivided according to the affected data subject:



Data Subject Collected personal data Purposes for the collection Justification of the collection
Visitor of our Website

IP address, domain name, your browser version and operating system, traffic data, location data, web logs

to measure the number of visits, average time spent on the site, pages viewed

legitimate interest in the optimal operation and continuous improvement of the website

name, address, telephone, fax number, email address

to response to your inquiries or to process your requests in relation to your information

precontractual obligation/ performance of the contract

legitimate interest in the handling of inquiries


company name

customer identification number

business address, address

telephone and e-mail address and other information required for addressing

company register data

contact person

sales data (products and quantities, prices, location, date)

third parties involved in the provision of services including information on the type of cooperation

delivery and service conditions

terms of payment including credit limit

bank details

tax number

contract data, subject matter of the contract, contract signature

 Copy of ID card

invoice data

Data on products and coolers and their activation (RED)

a.) Processing of customer orders (order creation / disposition / delivery / billing / invoicing)

b.) Placement, sanitation and technical maintenance of coolers and beverage vending machines

c.) Customer-oriented marketing and product information (newsletter, product logo database); direct advertising

d.) Availability of our products as well as optimized product and cooler implementation

e.) Customer segmentation and analyses; market development

f.) Carrying out customer satisfaction surveys (Customer Survey)

g.) Verification of compliance with contractual obligations (pay for performance)

h.) Budgeting including Controlling of the Business Plan

i.) Ensure an internal control system, includingthe investigation of possible violations of the Code of Conduct or the Anti-Bribery Policy.

Performance of contract (a, b, d, g)

legitimate interests (c, d, e, f, h):

c.,d.) Increasing customer satisfaction and relationship as well as turnover;

e.,f.) efficient customer care, market analysis, quality control and entrepreneurial development

h.) Securing and improving the efficiency of operational processes

i.) Compliance with internal Group compliance requirements, combating corruption and fraud

legal obligation (i)

Consent (c or if necessary)

Company name

Supplier identification number

Business address

Address, telephone and e-mail address and other information required for addressing

Commercial register data

Contract data

Creditworthiness data

Subject of the delivery or service

Contact person

Copy of ID

third parties involved in the provision of the service, including details of the type of involvement

Terms and conditions of delivery and performance

Data on customs clearance or insurance

Billing data

Terms of payment and bank details

Credit rating

criminal/fraudulent activities

List of Politically Exposed people and Sanctions Lists

Background information on integrity and the beneficial owner

a.) Due Diligence (Know Your Customer), in particular with regard to fraud, corruption, money laundering, sanctions, creditworthiness and labour law (employment of foreigners as well as wage and social dumping) and investment of the supplier.

b.) Carrying out the procurement process, including tenders.

c.) Order and payment processing.

d.) Budgeting and monitoring of the business plan. Accounting.

e.) Contract management.

f.) Ensure an internal control system, including the investigation of possible violations of the Code of Conduct or the Anti-Bribery Policy.

g.) Supplier evaluation.

h.) 3rd Party Due Diligence (approval for representation before public officials).

i.) Creation of the customer or supplier.

Pre-contractual obligation

Performance of contract (c,b)

legitimate interests (a, b, d, e, f, g, h, i)

legal obligation (f)
Potential business partners



Phone and e-mail address,

Commercial register data,

Contact person,

Copy of ID,

Type of potential service provision,

third parties involved in the provision of the service, including details of the type of involvement,

Creditworthiness data,

Insurance data,

Background information on integrity and the beneficial owner,

Credit rating,

criminal/fraudulent activities,

Credit ratings,

List of Politically Exposed people and Sanctions Lists

a.) Due Diligence (Know Your Customer), in particular with regard to fraud, corruption, money laundering, sanctions, creditworthiness and labour law (employment of foreigners as well as wage and social dumping).

b.) Approval for representation before public officials (3rd party due diligence).

c.) Investment of the customer or supplier.

Pre-contractual obligation

Fulfilment of legal obligations (a)

legitimate interest (a, b, c)

name, telephone number, address and e-mail address

all data in connection with an inquiry or complaint, including information on personal injury

a.) execution of prize games

b.) handling of complaints regarding product quality and safety including documentation of material damage and personal injury.

Consent (a)

legitimate interest (b)

legal obligation (Product Liability Act) (b)



first and last name

contact details (postal address, telephone number, home address)

nationality (work permit)

vocational training, professional experience, special knowledge

additional qualifications

language skills

commitments outside the workplace

additional information in the curriculum vitae (e.g. date of birth, letter of motivation)

handling of the application process


performance of contract

As concerns all personal data required for the performance of our contract with you / your company, if you do not provide us with this personal data we may not be able to deliver the requested service as mentioned in the above. On the contrary, for all data processings where you give your consent, you are entitled to refuse or withdraw your consent at any time without any detrimental impact on any contact you may have with us.

When personal data, such as your name and email address, is collected from you with your consent (for example, through the use of online forms or via email) we will let you know at the time of collection how we will use that personal data.

3. Cookie Policy

This website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.

Performance Cookies

These Cookies collect information to allow us to improve the website.


Tracks if a user has verified their age (for certain age restricted areas of the site)


Tracks if a user has clicked “ok” on the cookie banner – so it no longer displays it

_ga, _gid

The unique client ID assigned to each visitor – this will be unique to you


This is a cookie set by Google Analytics. It Is used to make ensure that your computer/device doesn’t make too many requests to the Google Analytics servers whilst you’re browsing the CCHBC site


This is a cookie set by our server monitoring software. It is not used for tracking users or user behaviour – it is solely used to differentiate between active user requests to the website

How do I disable/enable cookies?

You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.

There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about these functions. For example, in Internet Explorer, you can go to the Tools/Internet options/Security and Privacy Tabs to adapt the browser to your expectations. If you use different computers in different locations you will need to ensure that each browser is adjusted to suit your cookie preferences.

Some modern browsers have a feature that will analyse website privacy policies and allow a user to control their privacy needs. These are known as 'P3P' features (Privacy Preferences Platform).

You can easily delete any cookies that have been installed in the cookie folder of your browser. For example, if you are using Microsoft Windows Explorer:

If you are not using Microsoft Windows Explorer, then you should select 'cookies' in the 'Help' function for information on where to find your cookie folder.

4. Disclosures. Who are the recipients of your personal data?

Categories of recipients Purpose



companies of the Coca‑Cola HBC Group (listed at - in particular Coca‑Cola Hellenic Business Services Organization EOOD, Sofia, Bulgaria (BSO).

for the purposes of contract fulfilment and execution and on the basis of legitimate interest.

with BSO, the CCHBC Group has set up a Shared Service Center, whereby certain administrative tasks and processes that arise in all countries are bundled and handled centrally via BSO.

Intra-Group Data Transfer Agreement

contract fulfilment

legal obligation

legitimate interest

Processors or other data recipients:


Merchandising Service Provider

Logistics & Copacking Service Provider,
Printing and Invoicing service providers,
Refurbishment Service Provider

Scanning service provider

Market research institute

PR agencies, website maintenance service provider, call centers

IT services and support provider,
IT data center, IT operation,
Software and Service Providers

visiting customers incl. merchandising activities

processing of customer orders with regards to products and coolers

document scanning and archiving

customer satisfaction survey

external communication (organization of events, maintenance of the CCH website, response to inquiries and complaints)

software implementation and development,
IT-support and maintenance,
provision of IT applications

reporting of cumulated (volume) data of the respective products

Data processing agreement (DPA)

contract fulfilment

legal obligation

legitimate interest

government bodies

lawyers, tax consultants, auditors


insurance and brokers

agencies for credit information

for the fulfilment of legal obligations

legal and tax advice, audit accounting,

execution of payment transactions

processing of insurance claims

credit assessment

Data processing agreement (DPA)

contract fulfilment

legal obligation

legitimate interest

The personal data you provide to us via our website will be held in a Data center hosted in Crawley, UK, by a company named Rackspace, whose secondary site is in Ireland, and can be accessed by or given to our staff working outside UK and to third parties, to business partners, government bodies and law enforcement agencies, successors in title to our business and suppliers we engage to process data on our behalf, some of whom are located outside the European Economic Area, who act for us for the purposes and justifications set out in this policy.

If you submit personal information to us, you agree to such sharing or if necessary, you will be asked for further consent.

5. Are your personal data transferred outside the EU?

Since Coca‑Cola HBC operates in many countries, your personal data, in particular the data which you upload through the Careers section of the Site, may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the EU in which data protection laws may be of a lower standard than in the EU. However, we always seek to ensure that your personal data receives the same level of protection, as if it had stayed within the EU, including seeking to ensure that it is kept secure and used only in accordance with our instructions and for the agreed purpose(s). Further information on such transfer is available in the Recruitment Application Form.

Certain countries outside the EU have been approved by the European Commission as providing essentially equivalent protections to EU data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions (see the full list here). In countries which have not had these approvals (such as Russia), we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

Please contact us as set out in Contact us section below if you would like to see a copy of the specific safeguards applied to the export of your personal data.

Recipients in third countries (outside the EU) to which personal data is transferred

Recipients in third countries with an adequate level of data protection on the basis of an adequacy decision by the EU Commission:

Recipient Country

Coca‑Cola HBC AG

Coca‑Cola HBC Schweiz AG



Recipients in third countries outside the EU:

Recipient Country

affiliates (corporate entities)

available at

IT-application provider


All of the parties outside the EU to which personal data will be transferred process data, fulfil and deliver orders and provide support services on our behalf. We may also pass aggregate information on the usage of our site to third parties but this will not include information that can be used to identify you. We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the personal data you provide to us without your consent.

Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your data will be disclosed to our new business partners or owners. By submitting your data, you agree to such data transfer.

6. How we protect your personal data

Users aged 14 and under

If you are aged 14 or under, please get your parent's or guardian's permission before you provide any personal data to us. Users without this consent are not allowed to provide us with personal data.

Other websites

Our website contains links to other websites which are outside our control and are not covered by this Privacy and Cookie Notice. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their Privacy Policies, which may differ from ours. We do not accept any responsibility or liability for their policies or processing of your personal data. We encourage you to read the privacy and cookie notices and terms and conditions of any linked, referenced, or interfacing websites you enter before you submit any personal data to such third party websites.

Security of data collected and data retention

We employ strict physical, electronic, and administrative security measures to protect your data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline. We will retain your data for as long as necessary for said purpose of the collection and after that we will retain your data as long as the law requires. For more information about data retention see: country retention policy.

Internet-based transfers and disclaimer

Whereas Coca‑Cola HBC Austria GmbH employs reasonable measures to protect against viruses and other harmful components, the nature of the internet is such that it is impossible to ensure that your access to the website will be uninterrupted or error-free, or that this website, its servers or emails which may be sent by us are free of viruses or other harmful components.

Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission and/or unauthorised access by third parties not caused by us (e.g. hacking of email accounts or telephone, interception of faxes).

7. Contacting us and your rights to access and update your personal data

Accessing, updating and deleting data

You are entitled to see the personal data we hold about you; you may also ask us to make any necessary changes to ensure that it is accurate and kept up to date or to delete the personal data we hold about you. You may also inform us if you would like to restrict the data processing or object to the processing of personal data we hold about you. If you wish to do this, please contact us using the contact details provided at the Contact us section below. You are also entitled to provide the personal data we hold about you to another service provider of your choice.

Withdrawing the consent

In case we asked you for your consent to process personal data we hold about you and do not base such processing on any other legal basis, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before the withdrawal. If you wish to do this, please contact us using the contact details provided at the Contact us section below.


You have the right to lodge a complaint before the national data protection authority by sending your claim to:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien
e-mail:, Website: http://www.dsb.gv.

Contacting us

If you have any comments relating to our use of your personal data or any questions about this Privacy and Cookie Notice, please contact us using the following e-mail address:
We welcome your questions and any suggestions you may have about our Privacy and Cookie Notice.

To formally exercise your rights in relation to your personal data we process, please submit a request accessing the below link:
Web Form

8. How changes to this Privacy Policy and the Cookies Policy will be made

We reserve the right to amend or supplement this privacy policy. Please check this privacy policy regularly to be aware of any changes.