When Do You Have to Give Your PESEL in Poland? Your Rights Under RODO

Next time someone asks for your PESEL and the request feels wrong, ask them one question: "What is the legal basis for collecting this?" Under RODO (Poland's name for GDPR), they are obligated to answer, and if they can't cite a specific law, you can refuse. Your PESEL is personal data. Polish law requires it in a handful of defined situations, and outside those situations, no amount of "it's company policy" makes the request legitimate.

What RODO Actually Means for Your PESEL

RODO is the Polish implementation of the EU's General Data Protection Regulation, in effect since May 25, 2018 ^[1]. The enforcement body in Poland is UODO (Urząd Ochrony Danych Osobowych), the Office for Personal Data Protection ^[2].

Your PESEL counts as personal data because it uniquely identifies you ^[3]. Anyone collecting it must have one of six legal bases under Article 6 of GDPR: legal obligation, contract performance, legitimate interest, consent, vital interest, or public task ^[4]. In practice, nearly every legitimate PESEL request falls under legal obligation or contract performance. The rest are noise.

The burden of justification sits with whoever is asking, not with you. You never need to explain why you're refusing. They need to explain why they're collecting.

When You Must Provide Your PESEL

These are the situations where a specific Polish law mandates PESEL collection. You cannot refuse here.

Employment

Your employer collects your PESEL during onboarding. The Labour Code (Kodeks pracy) and tax reporting rules require it for payroll, PIT filings, and ZUS (social insurance) registration ^[5]. This applies regardless of contract type: umowa o pracę, umowa zlecenie, or umowa o dzieło.

Banking and Financial Services

Banks require PESEL when you open an account. Poland's anti-money laundering law (ustawa o przeciwdziałaniu praniu pieniędzy) mandates identity verification, and PESEL is part of that process ^[6]. The same applies to loan applications, credit checks, and insurance policies.

Healthcare

The public health system (NFZ) uses PESEL as its patient identifier. Doctors, clinics, hospitals, and pharmacies processing NFZ-covered prescriptions all require it. Private clinics typically request it too, since they report certain data to health authorities.

Tax Administration

The tax office (urząd skarbowy) uses PESEL as the tax identifier for individuals without a registered business. Since 2022, if you don't have a NIP (Numer Identyfikacji Podatkowej), your PESEL goes on every tax form ^[7].

Named Invoices

If you request a personal invoice (faktura na osobę fizyczną) from a business, the seller needs either your NIP or your PESEL. Business purchase: NIP. Personal purchase with a named invoice: PESEL ^[7].

Notary Transactions

Any notarial deed (akt notarialny) requires your PESEL. Property purchases, powers of attorney (pełnomocnictwo), company formation documents. The Prawo o notariacie mandates it ^[8].

Court and Legal Proceedings

Courts require PESEL in filings: lawsuits, motions, inheritance proceedings. No way around it.

When You Can Refuse

Outside the situations above, most PESEL requests have no legal basis. Here's where people push back successfully.

Loyalty Programs and Store Memberships

No law requires your PESEL for a discount card. A loyalty program works fine with a name and email address. If a shop insists, refuse.

Gym Memberships and Subscriptions

Fitness chains sometimes slip PESEL into their sign-up forms. Unless the membership involves a financed installment plan (which triggers a credit check), there is no legal basis. "Company policy" is not a legal basis under RODO.

Receipts

A standard receipt (paragon) is anonymous. Your PESEL should never appear on one. If a cashier asks for your PESEL when printing a receipt, say no. PESEL is relevant on named invoices, not receipts.

Landlords and Rental Agreements

This is the grey area. If the lease is a notarial deed, PESEL is required. For a standard rental contract (umowa najmu), including PESEL is common practice but not strictly mandated by law. You can negotiate. Many landlords accept a passport number or residence card number instead. Your leverage depends on the rental market, obviously, but the legal right to push back exists.

Telecoms and Utilities

If the contract includes a financed phone or installment plan, the operator runs a credit check, and credit checks require PESEL. If you're buying a prepaid SIM or signing a no-commitment plan, PESEL is not legally required. Operators still request it routinely. Whether you want to fight that battle at the point of sale is a practical question, not a legal one.

How to Challenge a PESEL Request

Under RODO Article 13, any data controller must inform you of the legal basis for collection before they collect your data ^[9]. The question to ask is simple: "What is the legal basis for collecting my PESEL?"

If they cite a specific statute (tax code, AML law, labour code), the request is legitimate. If the answer is "we need it for our records" or "it's required in our system," you're looking at a request with no legal backing. Decline and see what happens. In most cases, the transaction proceeds without it.

How PESEL Appears on Your Documents

Your residence card (karta pobytu) shows your PESEL on the front. So does a Polish ID card (dowód osobisty), if you have one. It appears on tax forms, employment contracts, prescriptions, bank statements, and insurance documents.

This matters for risk assessment. A photocopy of your residence card is more sensitive than a photocopy of your rental contract, because the residence card includes your PESEL, photo, and signature in one place. Be selective about who gets photocopies of identity documents.

What to Do If Your PESEL Is Misused

Two paths.

Request deletion directly. Under RODO Article 17, you can demand erasure of personal data collected without a legal basis ^[10]. Put the request in writing. Email is fine.

File a complaint with UODO. The complaint form is on uodo.gov.pl ^[2]. Include what data was collected, by whom, and why the collection was unlawful. UODO investigates and can impose fines.

If you suspect your PESEL has been exposed through a data breach or fraud, consider blocking your PESEL (officially called zastrzeżenie numeru PESEL). A blocked PESEL cannot be used to open bank accounts, take out loans, or sign certain contracts. You can block and unblock it through the mObywatel app or at your local municipal office (urząd gminy) ^[11].

PESEL vs. NIP on Invoices

This trips people up, especially freelancers.

NIP is your business tax number. PESEL is your personal tax identifier. On any given invoice, you provide one or the other, never both ^[7].

Say you're a freelancer buying a new monitor for 1,349 PLN. If you buy it through your działalność gospodarcza (registered business), the invoice carries your NIP. If you buy it for personal use and want a named invoice, the invoice carries your PESEL. If a seller asks for both on the same document, something is wrong. Clarify whether the purchase is business or personal, then provide the corresponding number.

Protecting Your PESEL Day-to-Day

Never share your PESEL over the phone unless you initiated the call and you're certain who you're speaking to: your bank, your employer's HR department, a government office. Scammers use phone calls to harvest PESEL numbers for fraudulent loan applications.

Avoid sending your PESEL in unencrypted emails. If a recipient requires it for a documented legal purpose, ask whether their system supports encrypted communication or whether you can provide it through a secure portal.

When a business asks for a photocopy of your residence card or ID "for their files," ask whether a less sensitive form of identification would work. Often it will.

Common Questions

Can a shop put my PESEL on a receipt?

No. A receipt (paragon) is anonymous by design. PESEL belongs on named invoices (faktury), not receipts.

What if a company collected my PESEL and won't delete it?

Request deletion in writing citing RODO Article 17 ^[10]. If they ignore you, file a complaint with UODO at uodo.gov.pl. UODO can compel deletion and impose fines.

Can I block my PESEL temporarily and unblock it when I need it?

Yes. Blocking and unblocking through mObywatel or your urząd gminy is instant and free ^[11]. There's no downside to keeping it blocked by default and unblocking only when a legitimate transaction requires it.

References

1. Regulation (EU) 2016/679 (General Data Protection Regulation) — Full Text — eur-lex.europa.eu
2. Personal Data Protection Office (UODO) — Official Website (English) — uodo.gov.pl
3. Article 4 GDPR — Definitions of Personal Data — gdpr-info.eu
4. Article 6 GDPR — Lawfulness of Processing — gdpr-info.eu
5. Data Processing in the Employment Context — Polish Labour Code Art. 22¹ — Baker McKenzie
6. AML and CTF Law and Regulation in Poland — CMS Expert Guide — cms.law
7. What Is a NIP — PESEL as Tax Identifier for Individuals — biznes.gov.pl
8. Obtain a PESEL Number — A Service for Foreigners (English) — gov.pl
9. Article 13 GDPR — Information to Be Provided at Data Collection — gdpr-info.eu
10. Article 17 GDPR — Right to Erasure (Right to Be Forgotten) — gdpr-info.eu
11. Block Your PESEL Number or Reverse the Block — gov.pl