Booking systems

RODO (GDPR) for Salons in Poland

By Jan VancakΒ· Founder of YourSalon2 min read

A salon processes more personal data than it seems: name, phone, e-mail, visit history, sometimes notes on preferences. In Poland the GDPR applies (known locally as RODO), supervised by UODO β€” the Personal Data Protection Office. This guide explains, without jargon, what RODO means for a salon and what to require from a booking system. It is informational, not legal advice β€” when in doubt, consult a specialist. As of June 2026.

What data a salon processes

Most often: contact details, service and visit history, and marketing consents. It helps to know which data is truly needed to deliver the appointment and which you collect additionally (e.g. for a newsletter). Less data means less risk β€” collect only what you will actually use.

Serving an appointment is usually based on delivering the service, not on consent. A separate, voluntary consent is needed for marketing β€” promotional texts and e-mails. Consent should be informed and easy to withdraw. Do not bundle one consent "for everything"; separate appointment handling from marketing, as they are two different bases.

Roles and access in the team

Not every staff member needs to see everything. A good booking system lets you assign roles: reception, staff, owner. That way only the right people access the full client base, and passwords do not circulate around the team. It also protects your business, not just RODO compliance.

Deletion and export

A client can ask to access, correct or delete their data. The system should make it quick to export and delete a specific client β€” without digging through spreadsheets. The same applies when you change providers: data must export cleanly. More on that in migrating from Booksy.

Security and storage

Data should be stored securely and access protected by a password. Avoid keeping the client base in private phones or loose files. An external system provider should offer a data processing agreement. The technical framework is covered in the general booking system and GDPR.

Lawful marketing

Sending marketing texts and e-mails requires consent and an easy way to opt out. Combine it with the client card and thoughtful reminders to send relevant, not mass, messages β€” which is both more effective and safer. Remember the separate rules on electronic communication.

A short checklist

  • Collect only the data you need.
  • Separate consents for service and marketing.
  • Set access roles in the team.
  • Ensure export and deletion of data.
  • Sign a processing agreement with your system provider.

Summary

RODO in a salon need not be scary. In practice it comes down to order: you collect only the data you need, have clear consents, control access and can export or delete data. A good booking system handles most of this for you. Product context: See YourSalon for salons in Poland.

Frequently asked questions

Try YourSalon for free

Online booking, automatic reminders and a POS in one place.

Start for free