1. Parties and Definitions
Data Controller: The business subscriber (the "Subscriber") processing guest data.
Data Processor: Bokko, the platform operator, processing data on behalf of the Subscriber.
Definitions for Personal Data, Processing, and Data Subject are as per Article 4 of the GDPR.
2. Subject and Duration
This DPA governs the processing of guest booking data performed by Bokko on behalf of the Subscriber. It remains in force for the duration of the contractual relationship.
3. Nature and Purpose of Processing
Bokko performs the following operations on behalf of the Subscriber:
- receiving and managing booking requests;
- sending transactional notifications (emails/SMS);
- storing guest profiles and booking history;
- technical service for payments and invoicing integrations.
4. Data Categories and Data Subjects
Data Subjects: Guests (customers of the Subscriber).
Categories: Name, phone number, email, service details, booking status history, payment/billing metadata, and consent logs.
Prohibited Data: The Subscriber is strictly prohibited from recording special categories of data (GDPR Art. 9) on the platform.
5. Right to Instruct
The Subscriber is the controller and has the sole right to instruct. Bokko processes data only based on documented instructions, including platform configuration settings.
6. Confidentiality
Bokko ensures that persons authorized to process data have committed themselves to confidentiality and access data only on a need-to-know basis.
7. Technical and Organizational Measures (Art. 32)
Bokko implements appropriate technical and organizational measures (TOMs), including encryption at rest and in transit, role-based access control, and tokenized guest response flows.
8. Sub-processors
Bokko has general authorization to engage sub-processors. The current list is available at getbokko.com/legal/sub-processors. Subscribers will be notified of changes 14 days in advance and have the right to object.
9. International Transfers
Transfers outside the EEA are based on Standard Contractual Clauses (SCC) or the EU–US Data Privacy Framework (DPF).
10. Supporting Data Subject Rights
Bokko assists the Subscriber in fulfilling requests from data subjects to exercise their rights under GDPR Chapter III.
11. Data Breaches
Bokko notifies the Subscriber of personal data breaches without undue delay after becoming aware of them.
14. Deletion and Return
Upon termination, Bokko provides a 30-day window for the Subscriber to export data via the self-service export function. After this window expires, Bokko deletes or anonymizes the data, except where law requires retention (e.g., accounting obligations applicable to Bokko as invoice issuer).
Backups: With regard to the Firestore database, Bokko operates several complementary backup mechanisms exclusively for disaster recovery and continuity purposes:
- Point-in-Time Recovery (PITR): the database can be restored to any point within the last 7 days — 1-minute granularity for the last 1 hour, 1-hour buckets for 7 days.
- Daily automatic backup: 14-day retention on the entire Firestore database.
- Weekly automatic backup: every Monday, 84-day (12-week) retention on the entire Firestore database.
Backup mechanisms serve only system-level disaster recovery; restoration of individual guest records is generally not performed, unless required to fulfil a legal obligation or for official proceedings. Backups are stored encrypted at rest on the Google Cloud platform, protected by the same access-control mechanisms as the live database.
At the Subscriber's request, Bokko issues written confirmation of the deletion.
Temporary retention suspension (legal hold): Upon the Subscriber's documented instruction, Bokko may temporarily suspend the execution of deletion with respect to specific records if continued retention is necessary for the fulfilment of a legal obligation, for official proceedings, or for the establishment, exercise, or defence of legal claims. Such retention is purpose-bound, time-limited and documented; upon termination of the suspension, Bokko processes the affected records according to the general deletion rules. The suspension request and its justification must be sent in writing by the Subscriber ([email protected]).
15. Liability
Liability for data protection-related damages is governed by Article 82 of the GDPR. General liability limits in the Service Agreement do not apply to GDPR Art. 82 claims.
16. Governing Law
Hungarian law and the GDPR apply. Supervisory authority: NAIH (Hungary).
