Information in accordance with Art. 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
Last updated on 25 October 2019
The Federal Foreign Office will use your personal data when processing your application. Personal data means any information relating to an identified or identifiable natural person. The following information regarding our data processing procedures is provided for your assistance and in order to comply with our obligations pursuant to Articles 13 and 14 of the GDPR:
1. Who is responsible for processing of my data, and who is the Data Protection Commissioner?
Responsibility for processing your personal data as data controller pursuant to Article 4 (7) of the GDPR lies with the Federal Foreign Office and the German missions abroad, which together constitute a unitary federal authority.
Federal Foreign Office
Werderscher Markt 1
10117 Berlin, Germany
Postal address: Federal Foreign Office, 11013 Berlin, Germany
You can contact the Federal Foreign Office Data Protection Commissioner as follows:
Federal Foreign Office Data Protection Commissioner
Werderscher Markt 1
10117 Berlin, Germany
Tel.: +49 (0)30 1817 2711
Fax: +49 (0)30 1817 5 1733
Contact form: www.auswaertiges-amt.de/en/newsroom/datenschutz/kontakt-datenschutz
2. Which data are processed when I apply for a visa, and where do the data come from?
The categories of personal data to be processed include data requested in the visa application form. These generally include, in particular, your surname, name at birth, first name, date and place (including the country) of birth, gender, nationality/nationalities, marital status, current address, telephone number, email address, occupation, details of your travel document (type of document, serial number, issuing state and authority, date of issue, expiry date), your photograph and fingerprints.
The data in these categories derive from the information you provide in the course of the Schengen visa application process.
Further information is required when applying for a national visa, e.g.:
Information about spouse/civil partner, information about children, information about parents, previous periods of residence, purpose of the intended stay, criminal record, expulsions, deportations and information about diseases.
3. What data are processed when I issue a letter of invitation for someone to use to apply for a visa, and where do the data come from?
The categories of personal data to be processed include data relating to the person issuing the invitation as requested in the visa application form. This includes, in particular, your surname and first name, address, fax number and email address.
The data in these categories derive from the information you provided in the invitation letter and by the applicant in the course of the visa application process.
4. Why are my data collected, and what happens if they are not?
You data are collected as this is necessary for the proper processing of the visa application and is required by law. If you apply for a visa, you are required under section 82 of the Residence Act (Aufenthaltsgesetz) to provide the data required for the processing of the application and to make available the necessary evidence. If your data are not provided, your application may be rejected and the fee retained.
5. For which purposes and on which legal basis are my data processed?
Your personal data are processed solely in order to ensure the proper processing of the visa application.
The legal bases are Art. 6 (1) (c) and (e) and Art. 6 (2) of Regulation (EU) 2016/679 (General Data Protection Regulation) in conjunction with Regulation (EC) No. 767/2008 (VIS Regulation) and Regulation (EC) No. 810/2009 (Visa Code) including its Annexes, and sections 72a et seqq. of the Residence Act and section 69 of the Ordinance Governing Residence, as well as the Central Register of Foreigners Implementing Regulation (AZRG-DV), the Visa Warning File Act (VWDG) and further special regulations as appropriate.
6. How long are my data used for?
Your data are deleted as soon as they are no longer required for completion of the visa application procedure. They are generally deleted two years after the visa procedure has been completed, but at the latest five years after the final decision on the visa application, irrespective of the type of the visa.
7. Who receives my data?
Your data are transferred to third parties only where necessary for the proper processing of the visa application. As part of this procedure, it is likely that your personal data will be passed to the competent authorities in Germany, to the responsible visa offices of other Schengen member states or to the responsible authorities in your place of planned or intended habitual residence. In the event that an external service provider is tasked with the performance of individual steps in the visa application process, your data will be collected by or transmitted to such service provider insofar as this is required in order to execute the process. Data are only transmitted to recipients outside the European Union if this is permissible in accordance with Chapter 5 of the GDPR.
8. What data protection rights can I invoke as a data subject?
As a data subject, you have the following rights if the relevant conditions have been met:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to processing (Article 21 GDPR).
9. Where can I submit a complaint?
You have the right to complain to a data protection authority about the processing of your personal data. The supervisory authority responsible for the Federal Foreign Office and the German missions abroad is:
The Federal Commissioner for Data Protection and Freedom of Information – Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstr. 30, 53117 Bonn, Germany, tel.: +49 228-997799-0, Fax: +49 228- 997799-5550, firstname.lastname@example.org, www.bfdi.bund.de