Poland · PL

Privacy policy for selling in Poland (2026)

If you sell to Polish consumers, you process their personal data and must meet information duties in a way Polish customers can understand — in Polish and referring to the Polish supervisory authority, PUODO. The GDPR applies across the EU, but the language, cookie consent and complaint authority need to be made concrete for the Polish market. Below is what your policy for Poland should contain.

Create account

Which data protection law applies when selling to Poland?

The GDPR applies across the EU, and RODO is merely its Polish application — the same regulation in substance. When selling to Polish consumers the principles stay the same, but three points must be made concrete for the Polish market: the language of the policy, cookie consent under Polish law and the reference to the competent authority, PUODO.

What the policy must contain

As with any GDPR-compliant privacy policy: controller, purposes and legal bases, recipients, retention period and data subject rights. For Poland, add the Polish language so consumers understand their rights, and information on the right to complain to PUODO.

Cookies under Polish law

Non-essential cookies and tracking technologies require opt-in consent collected before they are set. A mere information banner is not enough.

How to prepare the policy for Poland

Instead of translating your existing policy, generate a privacy policy tailored to your real processes for the Polish market — in Polish, with the correct legal bases and a reference to PUODO, ready to publish in minutes.

Generate this document in minutes

Create an account and generate all the legal documents for your shop — without a lawyer, with updates whenever the law changes.

Create account

Frequently asked questions

Is it the GDPR or the Polish RODO that applies to Polish customers?

RODO is the Polish application of the GDPR — the same EU regulation. For the Polish market, however, the language, cookie consent and competent authority (PUODO) need to be made concrete.

Is my existing privacy policy enough for Poland?

The GDPR content is the same, but Polish consumers must understand their rights in an accessible language; the policy should be in Polish and refer to PUODO.

What is PUODO?

The President of the Polish data protection office — the Polish supervisory authority where individuals can complain and which can impose fines.

This document for other markets