Czy poradzę sobie bez prawnika?

Tak. Dokumenty są napisane normalnym językiem, nie prawniczym. Każdy szablon ma instrukcję wypełniania. Jeśli wynajmujesz zwykłe mieszkanie albo apartament, nie potrzebujesz prawnika. Przy nietypowych przypadkach (zabytek, budynek użyteczności publicznej) warto się skonsultować.

Mam jedno mieszkanie na Airbnb. Też muszę się rejestrować?

Tak. Rozporządzenie UE dotyczy każdego, kto oferuje wynajem krótkoterminowy, niezależnie czy to jedno mieszkanie czy dwadzieścia. Bez numeru CWTON platforma musi zdjąć Twoją ofertę.

Kiedy dostanę pliki?

Od razu po zapłacie. Dostajesz e-mail z linkami do pobrania i widzisz wszystko w zakładce Moje konto. Nie musisz na nic czekać.

Mam kilka mieszkań. Muszę kupować osobne pakiety?

Nie. Jeden pakiet to szablony, które kopiujesz i wypełniasz osobno dla każdego obiektu. Nie ma limitu na liczbę mieszkań.

Czym się różnią pakiety Starter, Standard i Full?

Starter to minimum: rejestracja CWTON, regulamin porządkowy i dokumenty ppoż. Standard daje pełną dokumentację (12 szablonów, kalkulator podatkowy, listy kontrolne, słowniczek pojęć). Pełna Zgodność dodaje wersję angielską instrukcji, listę kontrolną platform (Airbnb/Booking) i kalendarz terminów.

Co jeśli przepisy się zmienią po zakupie?

Dokumenty są oparte na rozporządzeniu UE 2024/1028 i polskiej ustawie implementującej. Jeśli po zakupie zmieni się coś istotnego, wyślemy zaktualizowane pliki mailem na adres z zamówienia. Bez dodatkowych opłat.

Czy dostanę fakturę?

Tak. Zaznacz Potrzebuję faktury w formularzu zamówienia i podaj NIP. Faktura zostanie wygenerowana automatycznie i wysłana na Twój e-mail.

A co z RODO i danymi gości?

Pakiety Standard i Full zawierają klauzulę informacyjną RODO dla gości oraz instrukcję prowadzenia rejestru. Tłumaczymy krok po kroku, jakie dane możesz zbierać, jak długo je przechowywać i co musi być w regulaminie.

Co to jest CWTON i jak się zarejestrować?

CWTON to Centralny Wykaz Turystycznych Obiektow Noclegowych - obowiazkowy rejestr wprowadzony przez rozporzadzenie UE 2024/1028. Kazdy host wynajmujacy krotkoterminowo na Airbnb, Booking.com lub podobnych platformach musi uzyskac numer CWTON przed 20 maja 2026. Bez niego platforma ma obowiazek zdjac Twoja oferte. Rejestracja odbywa sie online przez system rzadowy. Pakiet HostReady zawiera instrukcje krok po kroku: jak zalozyc konto, jakie dane podac, jak wypelnic formularz i co zrobic po otrzymaniu numeru.

Blog

Regulations & Law

Guest Register in Your Apartment - What, How, and How Long to Store

26 March 2026Pawel Bury

The obligation to keep a guest register applies to every accommodation facility. Here is what you must collect and how long to store it.

Guest Register in a Rental Apartment - Legal Obligation, GDPR, and Practical Templates

Running a short-term rental? You must keep a guest register. This isn't optional or just good practice - it's a legal obligation arising from several laws simultaneously. In this article, we explain what data you must collect, on what legal basis, how long to store it, how to reconcile the register with GDPR, and how to avoid the most common mistakes hosts make.

Legal Basis - Why You Must Keep a Guest Register

The obligation to keep a guest register in accommodation properties comes from several pieces of legislation. Each addresses a slightly different aspect, but together they create a cohesive registration system.

Population Registration Act

The Population Registration Act of September 24, 2010, imposes a registration (meldunek) obligation on persons staying in accommodation properties. People staying outside their permanent address for longer than 30 days should register for temporary residence. Shorter stays don't require formal registration, but the accommodation facility must keep a guest record.

Foreigners Act

The Foreigners Act of December 12, 2013, requires anyone providing accommodation to foreigners to maintain records. This is particularly important - if your guest is a citizen of another country, you have additional reporting obligations to the Border Guard (Straz Graniczna).

Hospitality Services Act

The Hospitality Services Act of August 29, 1997, regulates the rules for providing accommodation services. Any facility offering accommodation must keep a guest register, regardless of whether it's classified as a hotel, guesthouse, or other accommodation property.

EU Regulation 2024/1028

The new EU regulation on short-term rental strengthens the registration obligation. While the regulation primarily concerns property registration and platform data reporting, it indirectly requires hosts to maintain thorough documentation, including a guest register.

What Data You Must Collect

The guest register must contain specific information. The scope of data differs depending on whether the guest is a Polish citizen, EU citizen, or citizen of a third country.

Basic Data (All Guests)

Name and surname
Date of birth
Citizenship
Identity document number (ID card or passport)
Check-in date (arrival date)
Check-out date (departure date)
Room or unit number (if applicable)

Additional Data for Non-EU Foreigners

Passport series and number
Visa number (if applicable)
Purpose of stay
Home address abroad

Data You Should NOT Collect

In accordance with the data minimization principle (GDPR), you should not collect information that isn't necessary to fulfill a legal obligation. Avoid collecting:

PESEL number (unless required by registration regulations in specific situations)
Marital status
Religion
Phone number and email address (unless needed for service delivery - but then on a different legal basis)
Photocopies or photos of identity documents (the document number alone is sufficient)

Register Format - Paper or Digital

Paper Register

The traditional form is a notebook or binder with registration cards. Each guest fills in a card at check-in. Advantages: simplicity, no equipment needed, easy to implement. Disadvantages: hard to search, risk of loss or damage, requires physical storage, harder to protect from unauthorized access.

If you choose paper format, ensure:

A legible form with clearly labeled fields
A GDPR privacy notice on the form
Storage in a locked cabinet or drawer
Card numbering and chronological order

Digital Register

More and more hosts are switching to digital solutions. A digital register can be a spreadsheet, a dedicated app, or a module in a property management system (PMS). Advantages: easy searching, automatic backups, ability to generate reports, easier GDPR compliance (access controls, encryption). Disadvantages: requires hardware and software, risk of technical failure, need for IT security.

Data Retention Period

How long must you keep guest data? This is one of the most frequently asked questions, and the answer isn't straightforward because it depends on the legal basis.

Guest Records (Hospitality Services Act)

Regulations don't precisely specify the retention period. In practice, data should be kept for the period necessary to fulfill the legal obligation and present to regulatory bodies. The recommended period is at least 2 years from the guest's check-out date.

Foreigner Records

Foreigner data maintained for Border Guard reporting should be kept for at least 2 years.

Tax Purposes

If the guest register also serves as documentation confirming rental revenue, the retention period extends to 5 years from the end of the tax year in which the tax obligation arose.

GDPR Principle

GDPR requires that personal data not be stored longer than necessary for the purposes for which it's processed. After the retention period expires, data should be deleted or anonymized. Practical recommendation: store data for 5 years (due to tax purposes), then delete it.

GDPR and the Guest Register - How to Reconcile Them

Maintaining a guest register involves processing personal data and thus falls under GDPR. As a host, you are the data controller of guest personal data and must fulfill a number of obligations.

Legal Basis for Processing

You process guest data based on a legal obligation (Art. 6(1)(c) GDPR) - specifically based on accommodation guest registration regulations. You don't need the guest's consent to enter their data in the register - it's your legal obligation. The guest cannot refuse to provide data required by law, and you cannot accommodate a guest who refuses to provide data.

Information Obligation

You must inform the guest about processing their personal data. The privacy notice should include:

Controller data (your name, surname, contact address)
Processing purpose (maintaining guest records in accordance with law)
Legal basis (legal obligation)
Data retention period
Guest rights (access, rectification, deletion after retention period, right to complain to the Data Protection Authority - UODO)
Information about data recipients (regulatory bodies, Border Guard for foreigners)

You can place the privacy notice on the registration form, in the property rules, or in a visible place at reception (check-in area).

Data Security

You must apply appropriate technical and organizational measures to protect guest data. In practice, this means:

Paper register: locked cabinet, access restricted to authorized persons only
Digital register: access password, file or disk encryption, regular backups, current antivirus software
Both cases: data processing authorizations for persons with access (e.g., cleaning person, co-host)

Reporting Foreigners to the Border Guard

If your guest is a foreigner (citizen of another country), you're obligated to report their stay to the Border Guard (Straz Graniczna) commander or Police station commander. The report should be made within 24 hours of the guest's check-in.

The report can be submitted:

Electronically - through the Border Guard's IT system (preferred form)
In writing - on a reporting form, delivered in person or by mail to the nearest station

The report should contain foreigner data (name, surname, date of birth, citizenship, passport number), stay address, and stay period. Failure to fulfill this obligation is an offense.

In practice, many hosts aren't aware of this obligation or ignore it. This is risky - in case of an inspection, missing reports can result in a fine.

Registration Card Template

Below are the elements a guest registration card should contain for a short-term rental apartment:

Header

Property name / host name and surname, property address, CWTON registration number.

Guest Data

Name and surname
Date of birth
Citizenship
ID document series and number
Home address (optional, required for foreigners)

Stay Data

Check-in date
Check-out date
Number of guests (including children)

GDPR Notice

Abbreviated privacy notice with reference to the full version in the property rules.

Guest Signature

Confirmation of having read the rules and agreement to the stay conditions (the signature isn't consent for data processing - that arises from the legal obligation).

Inspection and Control - What to Expect

The guest register may be subject to inspection by various authorities:

Regional Marshal - inspection of accommodation properties, including guest records
Trade Inspection - verification of legal accommodation services
Border Guard - inspection of foreigner records
Tax Office - verification of proper tax reporting (guest register as revenue documentation)
Data Protection Authority (UODO) - inspection of personal data processing

During an inspection, the authority may request to see the guest register, GDPR notices, property rules, and safety documentation. Missing or incomplete records can result in a warning, a compliance order, or a fine.

Most Common Host Mistakes

No register at all - many hosts don't keep any guest records, assuming it only applies to hotels. That's wrong - it applies to every accommodation property
Photocopying documents - copying ID cards or passports violates the GDPR data minimization principle. Note the document number, don't copy the document
No GDPR notice - collecting data without informing the guest about processing violates the information obligation
Storing data without security - an open notebook by the door, an unprotected Excel file, data in the cloud without encryption
Storing data too long - registers from 10 years ago, never deleted. After the retention period, data should be destroyed
Not reporting foreigners - the Border Guard reporting obligation is often overlooked
Collecting excessive data - asking about marital status, occupation, religion, or phone number on the registration card (collect contact data separately, on a different legal basis)
No data deletion procedure - you must have an established procedure for when and how you delete guest data after the retention period

Digital Tools for Guest Registration

If you want to automate guest registration, consider the following tools:

Chekin - online check-in app with identity verification, automatic guest register, and foreigner reporting. Integrates with Airbnb and Booking.com
GuestReady - short-term rental management platform with a guest registration module
Beds24 - channel manager with guest register functionality and automatic data collection
Google Forms + Sheets - free solution. Send guests a form link before arrival, data goes to a protected spreadsheet
Notion or Airtable - flexible databases where you can create your own registration system with filters, views, and automations

Regardless of the tool chosen, make sure it meets data security requirements (encryption, access control, data deletion capability) and that you have backups.

Summary - The Guest Register Is Not Bureaucracy, It's Your Protection

Keeping a guest register isn't just a legal obligation - it's also your protection. In case of a dispute with a guest, an insurance claim, or a regulatory inspection, a properly maintained register is evidence that you operate legally and responsibly. Investing time in creating a good registration system pays off many times over in peace of mind and legal security.

Don't want to search for templates and regulations on your own? The HostReady Package includes complete documentation, fill-in templates, and checklists - ready to use right after purchase.