Privacy Policy
(for the Bookcessful.com booking system)

Effective date: 2025-11-21

This Privacy Policy describes how the operator (Controller) of the Bookcessful.com booking system (Service) processes personal data.

1. Controller

Controller:
The company operating the Service
Klick Team Kft.
1045 Budapest, Széchenyi tér 10.
01 09 423745
27059021241
hello@bookcessful.com

2. Purpose of processing

Data is processed to operate the Service securely and reliably, in particular for:

Creating and managing user accounts
Operating the booking system
– for administrators
– for customers making a booking
Providing sign-in and access control
Maintaining contact (notifications, system messages)
Providing security functions
(password, session handling, audit mechanisms)

3. Personal data processed

Processing is limited to the fields stored in the Service’s users table:

Field	Content	Purpose of processing
id	Technical identifier	User identification
name	Full name (optional)	User and admin identification; supporting billing and communication processes
email	Email address	Login, booking notifications
email_verified_at	Verification timestamp	Security and authentication
password	Encrypted password	Account login
phone	Phone number (optional)	Contact, booking notifications
is_admin_global	Admin privilege flag	Managing admin permissions
remember_token	Token enabling automatic sign-in	Convenience feature, login session
created_at / updated_at	Creation and modification timestamps	Technical logging, security audit

The Service does not process special categories of personal data.

4. Legal basis

Under Article 6(1) GDPR:

Contract performance – data essential to use the Service;
Legitimate interest – system security and abuse prevention;
Legal obligation – e.g. invoicing, accounting;
Consent – optional data (e.g. phone number).

5. Processors

Third parties engaged for the technical operation of the Service (e.g. hosting, email).
Processors act only under documented agreements and in compliance with GDPR.

6. Storage period

While the user account is active: all data is retained.
After account deletion: personal data is permanently deleted within 30 days, except for data retained for accounting obligations.
Security logs: maximum 12 months.

7. Access to data

Access to personal data is restricted to:

authorised staff of the Controller (administrators),
processors (technical providers),
the data subject personally.

Access is role- and account-based within the Service.

8. Security measures

The Service protects personal data through multiple layers:

passwords stored with bcrypt hashing;
HTTPS encryption;
access control (admin privileges, tokens);
logging and audit functions;
regular updates and vulnerability management.

9. Data subject rights

The data subject has the right to:

receive information about processing;
request access to their data;
request rectification or erasure;
request restriction of processing;
data portability;
object to processing based on legitimate interest.

Requests can be submitted to the Controller’s email address.

10. Remedies

In case of complaints, the data subject may contact:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9–11.
Web: www.naih.hu

11. Other provisions

The Controller reserves the right to modify this Privacy Policy.
Changes take effect upon publication within the Service.

Privacy Policy(for the Bookcessful.com booking system)