1. Data Controller Roles
Bokko is an online appointment request and booking management platform for personal service providers. The system handles two distinct data processing scenarios:
- Service Provider Accounts and Platform Operation: Bokko is an independent data controller regarding provider account data, access credentials, technical and security logs.
- Guest Bookings: The primary business purpose of the booking data provided by guests is to enable the selected service provider to manage the request. Regarding guest booking data, the service provider is the data controller, and Bokko acts as a data processor. Exceptions include cases where Bokko has independent decision-making authority for platform security, abuse prevention, or legal compliance purposes — in these cases, Bokko acts as an independent data controller.
- Platform-level Processing: Bokko may perform certain processing operations as an independent data controller for the purposes of operating, developing the service, and fulfilling the billing relationship. Where Bokko uses data for statistical or development purposes, such processing is performed in an anonymized format that cannot be traced back to the data subject.
The allocation of roles between Bokko and the service providers is recorded in a Data Processing Agreement (DPA) under Article 28 of the GDPR, which forms part of Bokko's Service Agreement. The subject of the agreement is the processing of guest booking data, its duration lasts for the term of the contractual relationship, the data categories and data subjects are listed in Section 2 of this policy, and the right to issue instructions belongs to the service provider. Bokko does not make business decisions regarding the specific terms and content of the service provided; however, it independently performs the technical processing operations necessary for the platform's operation. Therefore, regarding guest booking data, the service provider is the data controller.
Open Beta Operation. Bokko is currently in its Open Beta phase, operated by a private individual; company formation is planned, the date is not yet fixed. Operator's basic data according to Act CVIII of 2001 (Ektv.):
Operator: Dávid Mácsik (private individual)
Address: 7100 Szekszárd, Fürdőház utca 1, Hungary
Electronic contact: [email protected]
Information regarding the hosting provider is available on the Imprint & Contact page.
2. Scope of Processed Data
Based on current application logic, Bokko processes the following data.
| Data Subjects | Data Category | Notes |
|---|---|---|
| Guests | Name, phone number, optional email address, optional note | Provided in the booking form. |
| Guests | Requested service, preferred or confirmed date and time, booking status | Required for recording, managing, and confirming the booking request. |
| Guests | Notification and event log data | SMS/email sending times, status changes, replies, delivery metadata. |
| Guests | Data related to token-based response and cancellation links | For accepting/declining reschedule proposals and other guest-side operations. |
| Guests | Technical and transactional metadata related to online payments, deposits, card guarantees, and refunds | Processed only if the specific service provider activates online payment features. |
| Guests | Billing data | Name, company name, tax ID, address, and billing email, if the guest requests an invoice. |
| Guests | Browser-side stored data | Consent state, language and appearance preferences, and pre-filling of name/email in the booking form. |
| Service Providers | Email address, Firebase ID, provider details | For logging in and using the dashboard. |
| Service Providers | Two-factor authentication (TOTP/MFA) metadata | If activated: TOTP secret and encrypted recovery code hashes, timestamps of last successful/failed login attempts. The secret itself is never decrypted for purposes other than authentication. |
| Service Providers | Provider name, slug, phone number, address, business hours, notification email | For operating the public booking page and notifications. |
| Guests / Providers | Google Calendar event data (guest name, service name, time) | When optional Google Calendar synchronization is enabled, Bokko uses the Google Calendar API exclusively to: (a) create, update, and delete booking events it has written to the connected calendar; (b) retrieve the user's calendar list for synchronization settings; (c) query busy intervals for conflict detection. Bokko never reads the content of other calendar entries (titles, descriptions, attendees, etc.). Per-staff calendar push: If a staff member enables this feature, Bokko also writes bookings to the staff member's personal Google Calendar using the booking's own data. Bokko only touches events it has created and does not access any other entries in the staff member's calendar. Two-way sync (deletion detection): If a staff member deletes a Bokko booking event from their Google Calendar, Bokko by default only notifies the business owner (the booking remains unchanged). If the staff member has explicitly opted in to "cancel booking" mode, Bokko will also cancel the booking, and this consent is recorded during the staff member's calendar connection setup. |
| Guests / Providers | Health monitoring and diagnostic data | Runtime errors, exceptions, and technical diagnostics-related events for system stability. |
3. Purposes and Legal Bases for Processing
| Purpose | Involved Data | Primary Legal Basis |
|---|---|---|
| Recording and managing booking requests | Guest name, phone, service, time, note | GDPR Art. 6(1)(b) - steps prior to entering into a contract or performance of a contract |
| Sending SMS or email notifications about booking status | Phone, email, status data | GDPR Art. 6(1)(b) and, where applicable, Art. 6(1)(f) |
| Dashboard access and permission management | Provider email, identifier | GDPR Art. 6(1)(b) |
| Online payment, deposit management, card guarantee, and billing administration | Payment metadata, billing data, payment states linked to booking | GDPR Art. 6(1)(b) or, where required by law, Art. 6(1)(c) |
| Abuse prevention, rate limiting, system security | Normalized phone number, technical events, logs | GDPR Art. 6(1)(f) – legitimate interest, particularly for system security, abuse prevention, and service stability. Bokko performs a legitimate interest assessment (LIA). |
| Error monitoring and operational diagnostics | Technical error reports, exception and performance data | GDPR Art. 6(1)(f) – legitimate interest for system stability, error handling, and security |
| Consent-based analytics | Analytical events and required browser identifiers | GDPR Art. 6(1)(a) – data subject's consent |
| Compliance with legal obligations, legal enforcement | Relevant data related to the specific case | GDPR Art. 6(1)(c) and Art. 6(1)(f) |
| Platform operation, service development, and billing administration | Minimum necessary provider and usage data, or anonymized statistical data where applicable | GDPR Art. 6(1)(b) for contract performance; Art. 6(1)(f) for legitimate interest in service development |
| Newsletter – marketing communication to guests | Guest email address, name, consent status, and legal basis log | GDPR Art. 6(1)(a) – data subject's voluntary, informed, and withdrawable consent. Details: Section 3a. |
| Post-booking review request email after the completed service — optional feature, enabled at the Provider's discretion | Guest name, email address, service name, completion timestamp, Provider contact details (display only) | GDPR Art. 6(1)(f) – legitimate interest of the Provider in maintaining the customer relationship and obtaining service-quality feedback. Details: Section 3b. |
3a. Marketing Communication – Newsletter
Bokko enables service providers (Subscribers) to send newsletters to their guests who have previously provided voluntary consent.
Legal Basis
The legal basis for processing is exclusively the data subject's voluntary, specific, and withdrawable consent (GDPR Art. 6(1)(a), Art. 7). Providing consent is not a condition for completing a booking and can be withdrawn at any time.
Double Opt-in Process
Consent is collected through a two-step (double opt-in) process:
- The guest indicates their intent by checking an optional checkbox during the booking process.
- The system sends a confirmation email to the guest with a one-time, time-limited link.
- Consent is only set to granted status after the link is activated.
Guests will not receive newsletters until they activate the confirmation link.
Methods of Unsubscribing
- One-click unsubscribe link: Included in every newsletter email, with an RFC 8058 compliant List-Unsubscribe header and a text-based link.
- Direct email request: Guests can request to be unsubscribed via email to the provider or Bokko.
- Dashboard request: While viewing booking details or their profile, guests can indicate their intent to the provider, who can then enforce it in the dashboard.
Suppression List
The system automatically excludes guests whose consent has been withdrawn, expired, or whose email address resulted in a hard bounce event. This applies immediately upon withdrawal.
Retention Periods
- Consent log (audit): 5 years from the date consent was granted or withdrawn, for legal and accountability purposes.
- Newsletter event log (openings, delivery status): 24 months.
Right to Withdraw
Guests may withdraw their consent at any time without justification. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, the system immediately adds the email address to the suppression list.
3b. Post-Booking Review Request Email
Bokko enables Providers to send a single transactional review request email to the guest after an appointment has been marked completed. This feature is optional, off by default, and active only with the Provider's explicit opt-in. It is not marketing communication: the email contains no promotional content, no coupon, no rebooking call-to-action, no star rating, and no newsletter signup. The guest receives only a single service-experience question and the Provider's contact details.
Legal Basis
The legal basis is the Provider's legitimate interest in maintaining the customer relationship and obtaining service-quality feedback (GDPR Art. 6(1)(f)). Balancing test outcome: guests reasonably expect a single follow-up check after a service; the processing has low privacy intrusion (no profiling, no marketing content, the email contains no open- or click-tracking, and every email carries a one-click unsubscribe link).
Frequency Cap
The same guest receives at most one review request email within 90 days from the same Provider (frequent-guest protection). This cap is enforced system-wide and cannot be overridden by the Provider.
Unsubscribing from Review Request Emails
Every review request email contains a clickable unsubscribe link. After the guest confirms the unsubscribe (two-step flow: open link → confirm button), no further review request emails will be sent from this Provider to this guest (per-Provider, per-guest unsubscribe). The unsubscribe decision is irreversible from the system's perspective; to revoke it, the guest must contact the Provider directly.
Right to Object
Under GDPR Art. 21(1), the guest may object to processing for this purpose at any time. Upon objection, the Provider is required to cease further review request emails without undue delay.
Retention Periods
- Review request email audit (task) log: 3 months from creation. Operational audit and debugging purpose.
- Guest-level last-sent timestamp (used for the frequency cap): retained per the guest record retention period (see Retention and Deletion Policy).
4. Recipients, Data Processors, and Infrastructure Providers
Based on the current architecture, data may reach the following providers or infrastructure partners. Some providers participate only if optional features are activated.
- Google Firebase - Auth, Firestore, Cloud Functions, Hosting, and Firebase Analytics infrastructure.
- BulkGate (Spoje.net, s.r.o.) - SMS reminder delivery. EU-based; the SMS delivery chain may involve third countries.
- Mailjet - Transactional email delivery (booking status notifications, reminders, optional post-booking review requests).
- Sentry — Error monitoring and technical diagnostics. Bokko's Sentry configuration uses a beforeSend hook for data minimization: email addresses, phone numbers, auth tokens, and booking tokens are redacted before transmission.
- Google Calendar API - Optional calendar synchronization. Bokko requests minimal-privilege (calendar.events) access; it only writes and reads events it created. Per-staff calendar push and deletion detection are only active after explicit opt-in connection by the staff member.
- Google Maps Platform (Places API) — Address autocomplete for profiles and billing addresses; search characters are sent to Google servers without being linked to a booking profile.
- Stripe, Barion, SimplePay — Providers prepared for online payments, deposits, refunds, and related metadata, if the Subscriber activates such features. During Open Beta, online payment data flows managed by Bokko are inactive; these integrations are in a prepared state.
- Billingo, Számlázz.hu - Optional invoicing integrations and processing of billing data required for invoice issuance.
- Cloudflare - DNS management and Cloudflare Web Analytics: aggregated, cookie-less traffic measurement for getbokko.com; Bokko does not use this for individual user profiling. The script loads only upon analytics consent.
For some providers, data may be transferred outside the European Economic Area (EEA). Legality of data transfer is typically based on:
- Standard Contractual Clauses (SCC): Clauses adopted by the European Commission, which relevant providers rely upon.
- EU–US Data Privacy Framework (DPF): Where the processor is certified under the DPF, the transfer is lawful based on this adequacy decision.
Bokko relies on relevant provider and contractual guarantees, particularly SCCs and — where applicable — the EU–US Data Privacy Framework.
4a. External services (not sub-processors)
The booking page may display content from the external services listed below. These services act as independent controllers — not Bokko sub-processors. Their own privacy terms apply.
Google Maps
On booking pages, a Google Maps map may be displayed to show the provider's
address, provided that the provider selected their address via the Google Places
search and the map section is enabled.
The map does NOT load automatically; you must click a "Show map"
button to allow your browser to connect to Google services. After you click,
your choice is stored in your browser's local storage (localStorage
bokko.mapConsent) at the domain level — the map will then load
automatically on every other bokko.app booking page in the same browser.
When the map loads, your browser may connect to Google services. Google may
process technical data such as your IP address, browser and device information,
time of access, referrer information, and data based on your existing Google
cookies or sign-in state.
The use of Google Maps may also be subject to Google's Privacy Policy and Google's Terms of Service.
You can revoke your map setting at any time via the
privacy notice link on your booking page (accessible from
the booking page footer or the "Privacy" button). After revocation, all
Bokko booking pages will show the placeholder again, and you will need to
enable the map once more. (Technically, the revocation only works on the
booking.bokko.app origin pages — this notice on the current
getbokko.com page documents the process but cannot modify
your browser storage from a different origin.)
5. Retention Periods
Bokko applies a specific retention and deletion policy. Detailed rules are available on the Retention & Deletion Policy page.
| Data Category | Rule |
|---|---|
| Service Provider account data | During the term of the contract, then 90 days, unless longer retention is required by law or for legal disputes. |
| Active and closed bookings | 60 months (5 years) from the appointment date or final status update, unless a legal dispute or claim makes longer retention necessary. |
| Technical and security logs | 12 months, unless a specific incident or dispute requires longer retention. |
| Billing and accounting records | At least 8 years — mandatory retention under Hungarian accounting laws. This is an independent controller purpose for Bokko. |
| Admin and security audit logs | Up to 7 years — based on legal enforcement and security obligations. Independent controller purpose for Bokko. |
| Support communication and internal admin notes | 7 years — based on accountability and enforcement possibilities. |
| System event logs (lifecycle audit) | 6 months — operational and incident investigation purposes; automatic purge. |
6. Data Subject Rights
Data subjects are entitled to the following rights under applicable law:
- Right of access,
- Right to rectification,
- Right to erasure (right to be forgotten),
- Right to restriction of processing,
- Right to data portability,
- Right to object to processing based on legitimate interests,
- Right against automated decision-making and profiling (GDPR Art. 22) — Bokko currently does not perform such processing; details: AI and Automated Processing.
If a request is related to a booking at a specific provider, the provider can handle the request effectively, as they are the data controller for guest booking data. Bokko, as a processor, supports the fulfillment of these requests without undue delay.
Requests regarding Bokko's independent data processing (e.g., provider account data) can be submitted directly to [email protected].
8. Data Security
According to current implementation, Bokko applies several technical protection measures, such as:
- Permission-based Firestore access rules,
- Restriction of direct client-side booking writes,
- Phone normalization and abuse-prevention rate limits,
- Token-based guest response pages for rescheduling — tokens are time-limited and single-use.
However, absolute security on the internet cannot be guaranteed. In the event of a personal data breach, Bokko acts in accordance with applicable laws, notifying the supervisory authority and, in case of high risk, the data subjects as required.
9. Complaints and Contact
For privacy-related questions or requests, write to: [email protected]. Bokko responds without undue delay, and at the latest within the applicable legal deadlines.
In Hungary, complaints can also be filed with the National Authority for Data Protection
and Freedom of Information (NAIH):
NAIH
H-1055 Budapest, Falk Miksa utca 9-11, Hungary
https://www.naih.hu/
10. Versioning
Bokko reserves the right to update this policy. In case of significant changes, the effective date of the new version will be indicated on this page, and separate notifications may be sent to service providers.
