Applications of persons regarding processing of their personal data in SIS and VIS


The Central Technical Authority of the National IT System (CTA NITS), the Commander in Chief of the Police, is the data controller, in accordance with art. 10 of the Act of 24 August 2007 on the Participation of the Republic of Poland in the Schengen Information System (Journal of Laws in 2021, item 1041 as amended), referred to here as Act SIS and VIS. CTA NITS examines applications from persons regarding the processing of their personal data in the Schengen Information System (SIS) and the Visa Information System (VIS).

 

I. Data administrator

Central Technical Authority of the National IT System – The Commander in Chief of the Police

ul. Puławska 148/150
02-624 Warsaw

tel office: 47 72 148 79, 47 72 131 45
fax office: 47 72 129 21

II. Data Protection Officer

ul. Puławska 148/150
02-624 Warsaw

tel 47 72 127 34,
fax 47 72 128 73

e-mail: bbi@policja.gov.pl

III. Purpose and legal basis for the processing of personal data in SIS and VIS

1) Schengen Information System

General objectives are defined:

Generally, the purpose of SIS II is to ensure, using information provided through this system, a high level of security within the area of freedom, security and justice of the European Union, including maintenance of public security and public policy and the safeguarding of security in the territories of the Member States and ensure respect of matters falling within the scope of:

  • Chapter 2 of Title V of Part Three of the Treaty on Functioning of the European Union (TFEU) relating to the movement of persons on their territories (art. 1 Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006, OJ L 312, 7.12.2018, p. 14) – Regulation 1861
  • Chapters 4 and 5 of Title V of Part Three of the Treaty on Functioning of the European Union (TFEU) relating to the movement of persons on their territories (art. 1 Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU, OJ L 312, 7.12.2018, p. 56) – Regulation 1862
  • Act SIS and VIS

Personal data contained in SIS alerts may be processed for purposes other than those in which those entries were made if it is related to a specific case and justified by the need to prevent an immediate serious public order or public security threat or where it is justified by serious reasons of national security or the need to prevent serious crimes.

2) Visa Information System

General objectives are defined:

  • Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 28.12.2006, p. 4–23, as amended) - Regulation VIS
  • Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218/129, 13.08.2008, as amended) - Decision VIS
  • Act SIS and VIS.

The general objectives of the VIS are set out in art. 2 of the Regulation VIS, which includes improving the implementation of the common visa policy, consular cooperation and consultation between central visa authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto, in order to:

  1. facilitate the visa application procedure;
  2. prevent the bypassing of criteria for the determination of the Member State responsible for examining the application;
  3. facilitate the fight against fraud;
  4. facilitate checks at external border crossing points and within the territory of the Member States.

IV. Profiling in the case of VIS data processing

Decisions taken by the competent authorities with a view to examining the application for a visa, checking any unauthorised visa or fulfilling the conditions for entry or stay into the territory of the Republic of Poland or a Member State may be based solely on automated processing of personal data (Article 11 paragraph 2 Act SIS and VIS).

V. Limitations on access to personal data processed in SIS and VIS

  1. Art. 11 Act SIS and VIS

The data may be used without the knowledge and consent of the persons whom this data concerns and there is no obligation to disclose the goal for which the data is being collected.

  2. Art. 26 of the Act of 14 December 2018 on the protection of personal data processed in connection with the prevention and combating of crime (Journal of Laws, item 125 as amended) - Act d.p.c.c.

The information referred to in the provisions of this Chapter shall not be communicated and personal data shall be made available where:

  1. disclosure of information obtained from operational and exploratory activities;
  2. obstructing or preventing the recognition, prevention, detection or suppression of criminal offences;
  3. impede the conduct of criminal, executive, fiscal or fiscal criminal proceedings;
  4. threats to life, human health or safety and public order;
  5. the threat to national security, including the defence or security, and the economic fundamentals of the State;
  6. a material breach of other persons’ personal rights.

The controller may communicate the information referred to in paragraph to the data subject where disclosure would be necessary for the protection of human life or health.

  3. Art. 3 - 5 of the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018 item 1000 and 1669) - UODO in connection with art. 23 par. 1 lit. a, c, d and lit. and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 381, 28.12.2006, p. 4–23, as amended) - RODO and taking into account art. 11 Act SIS and VIS.

The above rights under the RODO to request from the administrator access to one's personal data, their rectification or deletion, restriction of their processing, or to object to their processing, are subject to the restrictions on access to the requested information and personal data, and to the limitations on the processing of personal data, that result from the above regulations.

  4. Art. 67 par. 3 of the Regulation 1862 and art. 53 par. 3 of the Regulation 1861

A Member State shall take a decision not to provide information to the data subject, in whole or in part, in accordance with national law, to the extent that, and for as long as such a partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and legitimate interests of the data subject concerned, in order to:

  • avoid obstructing official or legal inquiries, investigations or procedures;
  • avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
  • protect public security;
  • protect national security;
  • protect the rights and freedoms of others.

In cases referred to in the first subparagraph, the Member State shall inform the data subject in writing, without undue delay, of any refusal or restriction of access and of the reasons for the refusal or restriction. Such information may be omitted where its provision would undermine any of the reasons set out in points (a) to (e) of the first subparagraph. The Member State shall inform the data subject of the possibility of lodging a complaint with a supervisory authority or of seeking a judicial remedy.

 

VI. FORMAL CONDITIONS FOR PROPOSALS ON THE IMPLEMENTATION OF THE RIGHTS CONNECTED WITH THE PROCESSING OF PERSONAL DATA IN SIS AND VIS

THE RIGHT OF PEOPLE FOR INFORMATION – general information

  1. Every person has the right to:
    1. access to own personal data;
    2. rectification of incorrect personal data/correction of inaccurate personal data;
    3. erasure of personal data unlawfully processed;
    4. file a complaint to the President of the Personal Data Protection Office;
    5. withdraw consent to the addition of personal data to SIS (consent given to facilitate solving problems related to misuse of identity) for the following purposes:
      • to allow the competent authority to distinguish the person whose identity has been misused from the person intended to be the subject of the alert;
      • to allow the person whose identity has been misused to prove his or her identity and to establish that his or her identity has been misused.
  2. A person may be represented by a proxy, unless the nature of the act requires his/her personal action, in accordance with art. 32 of the Act of 14 June 1960, the Polish Administrative Code (Journal of Laws of 2022, item 2000, as amended).
  3. Rules for giving legal proxy are set in art. 33 of the Polish Administrative Code, i.e.:
    1. the proxy of a party can be a natural person having legal capacity;
    2. the proxy should be submitted in writing;
    3. the proxy attaches to the file an original or officially certified copy of the proxy.

A lawyer or a legal advisor and patent agent can certify a copy of a proxy given to them.

SCHENGEN INFORMATION SYSTEM (SIS)

  1. Access to your personal data processed in SIS

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name(s) and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number) - in the case of an application sent by post;
  5. the subject of the application;
  6. handwritten signature of the person submitting the application.

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. place of residence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number);
  5. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person's identity (Article 28 Act d.p.c.c. and Article 12 paragraph 6 GDPR).

  2. Request for rectification of inaccurate personal data processed in SIS, erasure of personal data unlawfully processed in SIS and withdrawal of consent to the addition of personal data to SIS (consent given to facilitate solving problems related to misuse of identity)

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number) - in the case of an application sent by post;
  5. the subject of the request with justification:
    • in the case of rectification of inaccurate personal data processed in SIS, please specify what data should be corrected or which are untrue and provide correct data and provide justification confirming the legitimacy of the request;
    • in the case of erasure of personal data unlawfully processed in SIS, please specify what data should be erased and indicate the justification confirming the legitimacy of erasure of this data;
    • in the case of withdrawal of consent to the addition of personal data to SIS (consent given to facilitate solving problems related to misuse of identity), please clearly indicate that your consent to the addition of personal data to SIS is withdrawn;
  6. handwritten signature of the person submitting the application.

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. place of residence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number);
  5. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person's identity (Article 28 Act d.p.c.c. and Article 12 paragraph 6 GDPR).

  3. The application to CTA NITS can be directed to:
    1. By post:
      Centralny Organ Techniczny KSI
      Komenda Główna Policji
      ul. Puławska 148/150
      02-624 Warszawa
      Polska
    2. via an electronic inbox available on the website: http://bip.kgp.policja.gov.pl/kgp/elektroniczna-skrzynka/11424,Elektroniczna-skrzynka-podawcza.html
  4. Application template:

You can use the form below to submit an application.

REQUEST FORM FOR THE PROCESSING OF PERSONAL DATA IN SIS

VISA INFORMATION SYSTEM (VIS)

  1. Access to your personal data processed in VIS

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name(s) and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number) - in the case of an application sent by post;
  5. the subject of the application;
  6. handwritten signature of the person submitting the application.

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person's identity (Article 28 Act d.p.c.c. and Article 12 paragraph 6 GDPR).

  2. Request for correction of inaccurate data processed in VIS and deletion of personal data unlawfully processed in VIS

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name(s) and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number) - in the case of an application sent by post;
  5. the subject of the request with justification:
    • in the case of correction of inaccurate data processed in VIS, please specify what data should be corrected or which are untrue and provide correct data and provide justification confirming the legitimacy of the request;
    • in the case of deletion of personal data unlawfully processed in VIS, please specify what data should be deleted and indicate the justification confirming the legitimacy of deletion of this data;
  6. handwritten signature of the person submitting the application.

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person's identity (Article 28 Act d.p.c.c. and Article 12 paragraph 6 GDPR).

  3. The application to CTA NITS can be directed to:
    1. By post:
      Centralny Organ Techniczny KSI
      Komenda Główna Policji
      ul. Puławska 148/150
      02-624 Warszawa
      Polska
    2. via an electronic inbox available on the website: http://bip.kgp.policja.gov.pl/kgp/elektroniczna-skrzynka/11424,Elektroniczna-skrzynka-podawcza.html
  4. Application template:

You can use the form below to submit an application.

REQUEST FORM FOR THE PROCESSING OF PERSONAL DATA IN VIS

 

CONTACT

IN THE CASE OF ADDITIONAL QUESTIONS CONCERNING THE RULES FOR SUBMISSION OF APPLICATIONS

Tel.:

+ 48 47 72 153 11
+ 48 47 72 153 36
+ 48 47 72 137 67
+ 48 47 72 153 10
+ 48 47 72 138 04

RIGHT TO BRING A COMPLAINT

  1. Any person whose data is processed in SIS or VIS has the right to lodge a complaint to the President of the Personal Data Protection Office (PPDPO) in the event that the processing of personal data violates the provisions on the protection of personal data or when personal data is processed unlawfully. Detailed information: www.uodo.gov.pl
  2. Complaint to PPDPO can be directed:
    1. by post:
      Prezes Urzędu Ochrony Danych Osobowych
      ul. Stawki 2
      00-193 Warszawa
      Polska
    2. via an electronic inbox available on the website: www.uodo.gov.pl
