Privacy statement regarding visa applications
17.08.2022 / 19:45 | Aktualizováno: 03.01.2023 / 16:37
The following information pertains to persons whose personal data are processed in the course of a visa procedure: visa applicants, persons issuing invitations and/or persons liable to provide financial means for applicants´ stay in Czechia / Schengen Area. The following information provides guidance on the manner and extent of personal data processing, including the data subjects´ rights.
The collection of your personal data on the visa application form, including collecting your photograph and fingerprints, is mandatory for the examination of your visa application. Without providing your personal data, no decision can be made on your visa application.
1. Authorities responsible for personal data processing during the visa process in Czechia
Visa Department
Loretánské náměstí 5
CZ-118 00 Praha 1
e-mail: epodatelna@mzv.cz
Directorate of Alien Police Service
Olšanská 2
P. O. BOX 78
CZ-130 51 Praha 3
e-mail: pp.rscp.sekretariat@pcr.cz
Nad Štolou 3
P. O. Box 21
CZ-170 34 Praha 7
e-mail: posta@mvcr.cz.
Contact to Data Protection Officers:
Ministry of Foreign Affairs
Loretánské náměstí 5
CZ-118 00 Praha 1
e-mail: poverenec@mzv.cz
Police Presidium
Strojnická 27
P. O. BOX 62/K-SOU
CZ-170 89 Praha 7
e-mail: pp.sou@pcr.cz
Ministry of the Interior
Nad Štolou 3
CZ-170 34 Praha 7
e-mail: poverenec@mvcr.cz
2. Legal basis for personal data processing during the visa process in Czechia
The legal basis for processing visa applications and thus for processing personal data are set out in Regulation (EC) No 767/2008 (VIS Regulation), Regulation (EC) No 810/2009 (Visa Code) and Council Decision 2008/633/JHA.
General Data Protection Regulation (GDPR) is in force not only all the European Union (EU) Member States (including Czechia). The same level of data protection is ensured in the non-EU states participating in the Schengen Area: Iceland, Lichtenstein, and Norway. Regarding Switzerland, the European Commission considers this country as providing adequate level of data protection.
Apart from the GDPR, there are other legal regulations protecting personal data, especially the Act No. 110/2019 Coll., on processing of personal data, which adapts the GPPR rules for the implementation in Czechia.
The collected personal data are used by the diplomatic and consular missions of the Czech Republic abroad as a basis for their decision on visa applications, which is one of their public tasks (Article 6 para 1 letter e) GDPR, Article 9 para 2 letter g) GDPR – e.g. fingerprints (biometric data)).
3. Sharing your personal data with other authorities and third parties
Personal data provided by the applicant on the visa application form and information regarding the decision on the application or, if relevant, the decision to cancel, revoke or extend the visa are entered into the National Visa Information System (NVIS) and the European Visa Information System (VIS).
Personal details provided in the visa application form, photo and fingerprints are shared with competent authorities of other Schengen Area Member States before a decision is made. Information entered in the VIS can be accessed by visa authorities and other authorities competent for checking visas at external borders and on the Schengen Area territory, immigration and asylum authorities of the Schengen Area Member States for the purposes of verifying entry and stay conditions and of identifying persons who do not or no longer meet these conditions, and for the purposes of examining asylum applications.
Under certain conditions, personal data can also be made available to other designated authorities of the Schengen Area Member States and to Europol for the purpose of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (Council Decision 2008/633/JHA).
When processing a visa application, the Ministry of Foreign Affairs may share some personal data also with other third parties if cooperating with external service providers handling visa applications in visa centres (outsourcing). It is ensured that the GDPR rules and principles are observed in these situations.
Finally, personal data might also be transferred to third countries or international organizations for the prupose of proving identification of third-country nationals, including for the purpose of return. Such transfer may only take place under specific conditions.* You can contact a Czech authority responsible for personal data processing to obtain further information on these conditions and how they are observed in your specific case.
4. Your rights
Under the GDPR** and the VIS Regulation***, you are entitled to obtain access to your personal data, including its copy, as well as the identification of the Schengen Area Member State which transmitted the personal data to the VIS. You also have the right to request your personal data, which is inaccurate or incomplete, is corrected or completed or that the processing of your personal data is restricted under certain conditions or that your personal data processed unlawfully is erased.
You may address your request for access, correction, restriction or erasure directly to the authority responsible for processing the data in Czechia (see contact details above).
If you suspect or know that the protection of your personal data has been breached, you may contact the Data Protection Officer of the Ministry of Foreign Affairs who also exercises the competence in relation to the Czech diplomatic or consular missions abroad (see contact details above).
You can also address any individual Schengen Area Member State to find out what information about you is stored in the VIS and to exercise your rights.
You are also entitled to lodge a complaint with the national supervisory data protection authority of any Schengen Area Member State, in particular of the Member State of the alleged infringement, if you consider that your data is unlawfully processed.
National supervisory authority Czechia:
Office for Personal Data Protection
Úřad pro ochranu osobních údajů
pplk. Sochora 727/27
170 00 Prague 7 – Holešovice
e-mail: posta@uoou.cz
The list of the supervisory authorities of the individual Schengen Area Member States is available at the website of the Office for Personal Data Protection.
5. Retention period for personal data
Personal data are stored in the NVIS and VIS for up to five years.
Personal data in the physical form (on paper) are stored for three years, with exception of the personal data related to a refused visa application, which are stored for five years.
-----
* Article 31 of Regulation (EC) No 767/2008 (VIS Regulation)
** Articles 15 to 19 of Regulation (EU) 2016/679 (General Data Protection Regulation)
*** Article 38 of Regulation (EC) No 767/2008 (VIS Regulation)
Forms:
Complaint Concerning Processing of Personal Data in the VIS (PDF, 129 KB)
Follow us on