1. Data Controller Roles
Bokko is an online appointment request and booking management platform for personal service providers. The system handles two distinct data processing scenarios:
- Service Provider Accounts and Platform Operation: Bokko is an independent data controller regarding provider account data, access credentials, technical and security logs.
- Guest Bookings: The primary business purpose of the booking data provided by guests is to enable the selected service provider to manage the request. Regarding guest booking data, the service provider is the data controller, and Bokko acts as a data processor. Exceptions include cases where Bokko has independent decision-making authority for platform security, abuse prevention, or legal compliance purposes — in these cases, Bokko acts as an independent data controller.
- Platform-level Processing: Bokko may perform certain processing operations as an independent data controller for the purposes of operating, developing the service, and fulfilling the billing relationship. Where Bokko uses data for statistical or development purposes, such processing is performed in an anonymized format that cannot be traced back to the data subject.
The allocation of roles between Bokko and the service providers is recorded in a Data Processing Agreement (DPA) under Article 28 of the GDPR, which forms part of Bokko's Service Agreement. The subject of the agreement is the processing of guest booking data, its duration lasts for the term of the contractual relationship, the data categories and data subjects are listed in Section 2 of this policy, and the right to issue instructions belongs to the service provider. Bokko does not make business decisions regarding the specific terms and content of the service provided; however, it independently performs the technical processing operations necessary for the platform's operation. Therefore, regarding guest booking data, the service provider is the data controller.
Open Beta Operation. Bokko is currently in its Open Beta phase, operated by a private individual;
company formation is planned, the date is not yet fixed. Operator's basic data according to Act CVIII of 2001 (Ektv.):
Operator: Dávid Mácsik (private individual)
Address: 7100 Szekszárd, Fürdőház utca 1, Hungary
Electronic contact: [email protected]
Information regarding the hosting provider is available on the
Imprint & Contact page.
1a. Data Processing Principles (GDPR Article 5)
When processing personal data, Bokko applies the following principles set out in Article 5 of the GDPR:
- Lawfulness, fairness and transparency — every processing activity is based on a legal basis (typically GDPR Art. 6(1)(a), (b), (c) or (f); see Section 3), and is transparently documented for the data subject.
- Purpose limitation — personal data is collected only for specified, explicit and legitimate purposes, and is not further processed in a manner incompatible with those purposes.
- Data minimisation — the scope of processed data is limited to what is necessary for the processing purpose; that is why the minimum mandatory booking data (name, email address) and the optionality of every additional data field are explicitly indicated in Section 2.
- Accuracy — inaccurate data is rectified or erased without delay upon request (see Section 6, data subject rights).
- Storage limitation — data is stored only for as long as necessary for the processing purpose. Detailed per-data-category retention periods are set out in Section 5 and in the Retention and Deletion Policy.
- Integrity and confidentiality — the security of personal data is protected by appropriate technical and organisational measures (see Section 8).
- Accountability — every processing activity is documented; compliance can be demonstrated (processor records, sub-processor list, retention-jobs audit, consent log).
2. Scope of Processed Data
Based on current application logic, Bokko processes the following data.
| Data Subjects | Data Category | Notes |
|---|---|---|
| Guests | Name, email address, optional phone number, optional note | Provided in the booking form. Mandatory: name and email address (the booking confirmation is sent by email). Optional: phone number (only processed if the guest provides it; required for SMS reminders) and note. |
| Guests | Requested service, preferred or confirmed date and time, booking status | Required for recording, managing, and confirming the booking request. |
| Guests | Notification and event log data | SMS/email sending times, status changes, replies, delivery metadata. |
| Guests | Data related to token-based response and cancellation links | For accepting/declining reschedule proposals and other guest-side operations. |
| Guests | Technical and transactional metadata related to online payments, deposits, card guarantees, and refunds | Processed only if the specific service provider activates online payment features. |
| Guests | Billing data | Name, company name, tax ID, address, and billing email, if the guest requests an invoice. |
| Guests | Browser-side stored data | Consent state, language and appearance preferences, and pre-filling of name/email in the booking form. |
| Service Providers | Email address, Firebase ID, provider details | For logging in and using the dashboard. |
| Service Providers | Two-factor authentication (TOTP/MFA) metadata | If activated: TOTP secret and encrypted recovery code hashes, timestamps of last successful/failed login attempts. The secret itself is never decrypted for purposes other than authentication. |
| Service Providers | Provider name, slug, phone number, address, business hours, notification email | For operating the public booking page and notifications. |
| Guests / Providers | Google Calendar event data (guest name, service name, time) |
When optional Google Calendar synchronization is enabled, Bokko uses the Google Calendar API exclusively to: (a) create, update, and delete booking events it has written to the connected calendar; (b) retrieve the user's calendar list for synchronization settings; (c) query busy intervals for conflict detection. Bokko never reads the content of other calendar entries (titles, descriptions, attendees, etc.).
Per-staff calendar push: If a staff member enables this feature, Bokko also writes bookings to the staff member's personal Google Calendar using the booking's own data. Bokko only touches events it has created and does not access any other entries in the staff member's calendar. Two-way sync (deletion detection): If a staff member deletes a Bokko booking event from their Google Calendar, Bokko by default only notifies the business owner (the booking remains unchanged). If the staff member has explicitly opted in to "cancel booking" mode, Bokko will also cancel the booking, and this consent is recorded during the staff member's calendar connection setup. |
| Guests / Providers | Health monitoring and diagnostic data | Runtime errors, exceptions, and technical diagnostics related events for system stability. |
3. Purposes and Legal Bases for Processing
| Purpose | Involved Data | Primary Legal Basis |
|---|---|---|
| Recording and managing booking requests | Guest name, phone, service, time, note | GDPR Art. 6(1)(b) - steps prior to entering into a contract or performance of a contract |
| Sending SMS or email notifications about booking status | Phone, email, status data | GDPR Art. 6(1)(b) and, where applicable, Art. 6(1)(f) |
| Dashboard access and permission management | Provider email, identifier | GDPR Art. 6(1)(b) |
| Online payment, deposit management, card guarantee, and billing administration | Payment metadata, billing data, payment states linked to booking | GDPR Art. 6(1)(b) or, where required by law, Art. 6(1)(c) |
| Abuse prevention, rate limiting, system security | Normalized phone number, technical events, logs | GDPR Art. 6(1)(f) – legitimate interest, particularly for system security, abuse prevention, and service stability. Bokko performs a legitimate interest assessment (LIA). |
| Error monitoring and operational diagnostics | Technical error reports, exception and performance data | GDPR Art. 6(1)(f) – legitimate interest for system stability, error handling, and security |
| Consent-based analytics | Analytical events and required browser identifiers | GDPR Art. 6(1)(a) – data subject's consent |
| Compliance with legal obligations, legal enforcement | Relevant data related to the specific case | GDPR Art. 6(1)(c) and Art. 6(1)(f) |
| Platform operation, service development, and billing administration | Minimum necessary provider and usage data, or anonymized statistical data where applicable | GDPR Art. 6(1)(b) for contract performance; Art. 6(1)(f) for legitimate interest in service development |
| Newsletter – marketing communication to guests | Guest email address, name, consent status, and legal basis log | GDPR Art. 6(1)(a) – data subject's voluntary, informed, and withdrawable consent. Details: Section 3a. |
| Post-booking review request email after the completed service — optional feature, enabled at the Provider's discretion | Guest name, email address, service name, completion timestamp, Provider contact details (display only) | GDPR Art. 6(1)(f) – legitimate interest of the Provider in maintaining the customer relationship and obtaining service-quality feedback. Details: Section 3b. |
3a. Marketing Communication – Newsletter
Bokko enables service providers (Subscribers) to send newsletters to their guests who have previously provided voluntary consent.
Legal Basis
The legal basis for processing is exclusively the data subject's voluntary, specific, and withdrawable consent (GDPR Art. 6(1)(a), Art. 7). Providing consent is not a condition for completing a booking and can be withdrawn at any time.
Double Opt-in Process
Consent is collected through a two-step (double opt-in) process:
- The guest indicates their intent by checking an optional checkbox during the booking process.
- The system sends a confirmation email to the guest with a one-time, time-limited link.
- Consent is only set to granted status after the link is activated.
Guests will not receive newsletters until they activate the confirmation link.
Methods of Unsubscribing
- One-click unsubscribe link: Included in every newsletter email, with an RFC 8058 compliant
List-Unsubscribeheader and a text-based link. - Direct email request: Guests can request to be unsubscribed via email to the provider or Bokko.
- Dashboard request: While viewing booking details or their profile, guests can indicate their intent to the provider, who can then enforce it in the dashboard.
Suppression List
The system automatically excludes guests whose consent has been withdrawn, expired, or whose email address resulted in a hard bounce event. This applies immediately upon withdrawal.
Retention Periods
- Consent log (audit): 5 years from the date consent was granted or withdrawn, for legal and accountability purposes.
- Newsletter event log (openings, delivery status): 24 months.
Right to Withdraw
Guests may withdraw their consent at any time without justification. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, the system immediately adds the email address to the suppression list.
3b. Post-Booking Review Request Email
Bokko enables Providers to send a single transactional review request email to the guest after an appointment has been marked completed. This feature is optional, off by default, and active only with the Provider's explicit opt-in. It is not marketing communication: the email contains no promotional content, no coupon, no rebooking call-to-action, no star rating, and no newsletter signup. The guest receives only a single service-experience question and the Provider's contact details.
Legal Basis
The legal basis is the Provider's legitimate interest in maintaining the customer relationship and obtaining service-quality feedback (GDPR Art. 6(1)(f)). Balancing test outcome: guests reasonably expect a single follow-up check after a service; the processing has low privacy intrusion (no profiling, no marketing content, the email contains no open- or click-tracking, and every email carries a one-click unsubscribe link).
Frequency Cap
The same guest receives at most one review request email within 90 days from the same Provider (frequent-guest protection). This cap is enforced system-wide and cannot be overridden by the Provider.
Unsubscribing from Review Request Emails
Every review request email contains a clickable unsubscribe link. After the guest confirms the unsubscribe (two-step flow: open link → confirm button), no further review request emails will be sent from this Provider to this guest (per-Provider, per-guest unsubscribe). The unsubscribe decision is irreversible from the system's perspective; to revoke it, the guest must contact the Provider directly.
Right to Object
Under GDPR Art. 21(1), the guest may object to processing for this purpose at any time. Upon objection, the Provider is required to cease further review request emails without undue delay.
Retention Periods
- Review request email audit (task) log: 3 months from creation. Operational audit and debugging purpose.
- Guest-level last-sent timestamp (used for the frequency cap): retained per the guest record retention period (see Retention and Deletion Policy).
4. Recipients, Data Processors, and Infrastructure Providers
Based on the current architecture, data may reach the following providers or infrastructure partners. Some providers participate only if optional features are activated.
- Google Firebase - Auth, Firestore, Cloud Functions, Hosting, and Firebase Analytics infrastructure.
- BulkGate (Spoje.net, s.r.o.) - SMS reminder delivery. EU-based; the SMS delivery chain may involve third countries.
- Mailjet - Transactional email delivery (booking status notifications, reminders, optional post-booking review requests).
- Sentry — Error monitoring and technical diagnostics. Bokko's Sentry configuration uses a
beforeSendhook for data minimization: email addresses, phone numbers, auth tokens, and booking tokens are redacted before transmission. - Google Calendar API - Optional calendar synchronization. Bokko requests minimal-privilege (
calendar.events) access; it only writes and reads events it created. Per-staff calendar push and deletion detection are only active after explicit opt-in connection by the staff member. - Google Maps Platform (Places API) — Address autocomplete for profiles and billing addresses; search characters are sent to Google servers without being linked to a booking profile.
- Stripe, Barion, SimplePay — Providers prepared for online payments, deposits, refunds, and related metadata, if the Subscriber activates such features. During Open Beta, online payment data flows managed by Bokko are inactive; these integrations are in a prepared state.
- Billingo, Számlázz.hu - Optional invoicing integrations and processing of billing data required for invoice issuance.
- Cloudflare - DNS management and Cloudflare Web Analytics: aggregated, cookie-less traffic measurement for getbokko.com; Bokko does not use this for individual user profiling. The script loads only upon analytics consent.
For some providers, data may be transferred outside the European Economic Area (EEA). Legality of data transfer is typically based on:
- Standard Contractual Clauses (SCC): Clauses adopted by the European Commission, which relevant providers rely upon.
- EU–US Data Privacy Framework (DPF): Where the processor is certified under the DPF, the transfer is lawful based on this adequacy decision.
Bokko relies on relevant provider and contractual guarantees, particularly SCCs and — where applicable — the EU–US Data Privacy Framework.
4a. External services (not sub-processors)
The booking page may display content from the external services listed below. These services act as independent controllers — not Bokko sub-processors. Their own privacy terms apply.
Google Maps
On booking pages, a Google Maps map may be displayed to show the provider's
address, provided that the provider selected their address via the Google Places
search and the map section is enabled.
The map does NOT load automatically; you must click a "Show map"
button to allow your browser to connect to Google services. After you click,
your choice is stored in your browser's local storage (localStorage
bokko.mapConsent) at the domain level — the map will then load
automatically on every other bokko.app booking page in the same browser.
When the map loads, your browser may connect to Google services. Google may
process technical data such as your IP address, browser and device information,
time of access, referrer information, and data based on your existing Google
cookies or sign-in state.
The use of Google Maps may also be subject to Google's Privacy Policy and Google's Terms of Service.
You can revoke your map setting at any time via the
privacy notice link on your booking page (accessible from
the booking page footer or the "Privacy" button). After revocation, all
Bokko booking pages will show the placeholder again, and you will need to
enable the map once more. (Technically, the revocation only works on the
booking.bokko.app origin pages — this notice on the current
getbokko.com page documents the process but cannot modify
your browser storage from a different origin.)
Google reCAPTCHA Enterprise
On public booking, registration and other surfaces sensitive to automated abuse, Bokko uses Google reCAPTCHA Enterprise bot- and abuse-filtering. The purpose of the protection is to prevent mass automated booking or registration attempts and to protect SMS- and email-delivery resources. The filter runs in the background; the user does not need to solve a puzzle and no click interaction is required — Google computes a risk score based on data coming from the browser and only the highest-risk traffic is rejected.
When using reCAPTCHA Enterprise, Google processes technical data automatically passed by your browser — such as IP address, browser and device signals, interaction and risk-analysis data — and sets a necessary cookie (see Section 7). The legal basis for processing is Bokko's legitimate interest in securely operating the service (GDPR Art. 6(1)(f)). Third party: Google Ireland Limited (EU). Further information: Google's Privacy Policy, reCAPTCHA Enterprise documentation.
5. Retention Periods
Bokko applies a specific retention and deletion policy. Detailed rules are available on the Retention & Deletion Policy page.
| Data Category | Rule |
|---|---|
| Service Provider account data | During the term of the contract, then 90 days, unless longer retention is required by law or for legal disputes. |
| Active and closed bookings | 60 months (5 years) from the appointment date or final status update, unless a legal dispute or claim makes longer retention necessary. |
| Technical and security logs | 12 months, unless a specific incident or dispute requires longer retention. |
| Billing and accounting records | At least 8 years — mandatory retention under Hungarian accounting laws. This is an independent controller purpose for Bokko. |
| Admin and security audit logs | Up to 7 years — based on legal enforcement and security obligations. Independent controller purpose for Bokko. |
| Support communication and internal admin notes | 7 years — based on accountability and enforcement possibilities. |
| System event logs (lifecycle audit) | 6 months — operational and incident investigation purposes; automatic purge. |
| Staff invitations | 30 days from expiry or acceptance — for email PII cleanup purposes. |
The complete, per-data-category retention table is available on the Retention and Deletion Policy page.
6. Data Subject Rights
Data subjects are entitled to the following rights under applicable law:
- Right of access,
- Right to rectification,
- Right to erasure (right to be forgotten),
- Right to restriction of processing,
- Right to data portability,
- Right to object to processing based on legitimate interests;
- Right against automated decision-making and profiling (GDPR Art. 22) — Bokko currently does not perform such processing; details: AI and Automated Processing.
If a request is related to a booking at a specific provider, the provider can handle the request effectively, as they are the data controller for guest booking data. Bokko, as a processor, supports the fulfillment of these requests without undue delay.
Requests regarding Bokko's independent data processing (e.g., provider account data) can be submitted directly to [email protected].
8. Data Security
According to current implementation, Bokko applies several technical protection measures, such as:
- Permission-based Firestore access rules,
- Restriction of direct client-side booking writes,
- Phone normalization and abuse-prevention rate limits,
- Token-based guest response pages for rescheduling — tokens are time-limited and single-use,
- Multi-layered automatic backups (Point-in-Time Recovery for 7 days, daily backup with 14-day retention, weekly backup with 84-day retention) — details in DPA Section 14.
However, absolute security on the internet cannot be guaranteed. Bokko applies access-logging, continuous review and incident-response procedures to protect data. In the event of a personal data breach, Bokko acts in accordance with applicable laws. Where Bokko acts as a controller for the processing concerned, it will notify the competent supervisory authority without undue delay and, where possible, within the 72-hour deadline under GDPR Article 33, and will notify the data subjects as well in cases of high risk. Where Bokko acts as a processor, the incident is reported to the affected service provider without undue delay.
Bokko processes only the necessary and proportionate data. The principle of data minimisation is enforced at the level of feature design and codebase.
9. Complaints and Contact
Data Protection Officer (DPO): Under GDPR Article 37, Bokko is not required to designate a DPO, because (a) it is not a public authority or body performing a public task, (b) its core activities do not require processing operations which by their nature, scope and/or purposes require regular and systematic monitoring of data subjects on a large scale, and (c) it does not process on a large scale special categories of data or criminal-conviction data. Data-protection questions can be directed to [email protected].
For privacy-related questions or requests, write to: [email protected]. Bokko responds without undue delay, and at the latest within the applicable legal deadlines.
In Hungary, complaints can also be filed with the National Authority for Data Protection
and Freedom of Information (NAIH):
NAIH
H-1055 Budapest, Falk Miksa utca 9-11, Hungary
Phone: +36 (1) 391-1400
Email: [email protected]
https://www.naih.hu/
10. Versioning
Bokko reserves the right to update this policy. In case of significant changes, the effective date of the new version will be indicated on this page, and separate notifications may be sent to service providers.
Review: Bokko reviews this policy annually, and whenever EU or Hungarian legislation changes, and reflects the identified changes in a new version. Previous effective versions are accessible from the bottom of the Legal Documents page.