1. Data processing roles
In the Bokko system, the data controller of the guests' personal data is the salon whose owner invited you. The controller determines the purposes and means of processing and bears controller liability under the GDPR.
Bokko, as platform provider — in respect of processing the salon's guest data — acts as a data processor on behalf and under the instructions of the salon. This role only covers guest data and the processing operations carried out for the salon; in other processing operations Bokko may also act as an independent controller.
You — as a staff member — are not an independent GDPR actor in this framework. You access personal data on the authorization and instructions of the controller (the salon owner) and may only process it under their direction. You do not determine the purposes or the means.
1/A. Legal basis for processing and identification of the controller
Data controller: The sole proprietor, limited partnership, limited liability company, or other legal form that operates the salon and invited you. The controller's legal name and details are recorded in the salon dashboard profile, and data subject rights must be enforced against the controller (salon owner).
Legal basis for processing: GDPR Article 6(1)(b) — processing necessary for the performance of an employment or service contract. Certain security and logging operations rely on GDPR Article 6(1)(f) — the controller's legitimate interest in ensuring platform security and data protection compliance.
Since the legal basis is the performance of the employment relationship (not consent), separate consent to processing is not required, and withdrawal of consent cannot be interpreted in this context.
2. What you have access to
Your access rights depend on the role assigned to you by the salon owner (need-to-know principle). Typically you may access:
- Guest name, phone number, email address, and notes,
- Booking requests received by the salon and their details (date, time, service, guest data),
- Your own calendar and — depending on role — the calendars of other staff,
- The data of the salon's public profile (opening hours, services, prices).
The salon owner may modify or revoke your access at any time. Only touch as much data as you actually need to perform your task.
3. Your obligations
Access to the Bokko system is conditional on you observing the following:
- Purpose limitation: You may use guest data exclusively for performing your work at the salon. Not for any other purpose — in particular not for your own business or for the benefit of a third party.
- Confidentiality: Treat guests' personal data as confidential. You may not make it public, hand it over to unauthorized persons, and the duty of confidentiality continues to apply after the relationship has ended.
- Security measures: Store your login credentials (email, password) securely; do not share them. Promptly report any unauthorized access to your account or any suspected personal data breach (see Section 5).
- Data minimization: Process only the data you actually need to perform your task.
- Following instructions: You may not deviate from the controller's (salon owner's) instructions; if you have doubts about the lawfulness of an instruction, flag it to the owner without delay.
4. Prohibited activities
The following activities are expressly prohibited:
- Exporting or copying guest lists, booking data, or any personal data for your own purposes,
- Contacting guests after the employment relationship with the salon has ended, using data obtained through your access,
- Sharing guest data with third parties (e.g., other salons, marketing companies) without the controller's express permission,
- Sharing Bokko system access credentials (password, invitation link) with unauthorized persons,
- Intentional unauthorized modification, deletion, or corruption of data.
Breach of these rules may entail labor-law, civil-law, criminal-law (where applicable), and data protection authority consequences.
5. Incident reporting
You must promptly report any suspected personal data breach — including unauthorized access, data loss, data corruption, or unauthorized transmission — to the salon owner and, where Bokko's operational process so requires, also to Bokko ([email protected]).
Under Article 33 of the GDPR, the controller (the salon) must notify a personal data breach without undue delay and, where feasible, no later than 72 hours after becoming aware of it, to the competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. This deadline can only be met if the salon owner is informed about the incident in time. Delayed notification increases the controller's liability.
6. Termination of access
Your access to the Bokko system terminates if:
- your employment relationship or contract with the salon ends,
- the salon owner revokes your access,
- the salon deletes its Bokko account.
After your access is terminated, you may not access data stored in the Bokko system. The duty of confidentiality continues to apply after termination of access.
Retention period: Data may be retained for the duration of the employment relationship and, after its termination, for at least 3 years (taking into account labor-law and claims-enforcement periods), or for as long as an ongoing legal dispute or authority procedure makes it necessary.
Data deletion and anonymization workflow
Removal of a staff profile and handling of personal data may occur through three different technical processes, depending on the lifecycle stage at which access ends:
unlink_staff— detaches the Bokko user account (Firebase Auth uid) from the staff profile; the staff member can no longer access the salon dashboard, but the staff profile remains referenceable in the booking history. PII anonymization is NOT performed by this operation.remove_member— full removal of the staff profile (deactivation + detachment of linked account); active booking assignments are rebalanced or remain in the booking history anonymized as "removed staff member." The staff profile's PII fields (name, email) are anonymized as part of this operation.anonymize_staff_member— explicit PII cleanup: the name and email fields of the staff profile are anonymized immediately. This operation is used to enforce GDPR Article 17 (right to erasure) or for long-term archival state. Booking history is preserved in anonymized form for statistical purposes and accounting record consistency.
Every anonymization operation is recorded in the admin audit log retained for 7 years (timestamp, admin identifier, affected staff identifier, operation type). Detailed retention periods are listed in the Retention Policy under "Staff profile PII" and "Admin and security audit log."
7. Data subject rights and contact
Data subject requests concerning guests' personal data (access, erasure, rectification, etc.) are primarily handled by the salon as controller. Data subjects should therefore, as a rule, contact the salon owner.
As a data processor, Bokko may provide technical and administrative support to the salon in fulfilling data subject requests, in accordance with its own contractual and data processing framework. For platform-level data processing questions Bokko can be reached at [email protected].
In case of a complaint, the data subject may turn to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) through the authority's official intake channels: naih.hu.
Document version: 2026-04-15 · Review: at least once a year, and in case of material product, authorization, or legal changes.