The Federal Foreign Office will use your personal data when processing your application. Personal data means any information relating to an identified or identifiable natural person. The following details regarding our data processing procedures are provided for your information and in compliance with our obligations under Articles 13 and 14 of the GDPR:

Who is responsible for the processing of my data, and who is the data protection officer?

The “data controller” responsible for the processing of your personal data pursuant to Article 4 (7) of the GDPR is the Federal Foreign Office and the German missions abroad, which together constitute a unitary federal authority.

Auswärtiges Amt
Werderscher Markt 1
10117 Berlin
Germany
(Postal address: Auswärtiges Amt, 11013 Berlin, Germany)

Tel.: +49 30 18-17-0
Fax: +49 30-18-17-3402
Website: www.auswaertiges-amt.de

Contact form

The Federal Foreign Office Data Protection Commissioner can be contacted as follows:

Datenschutzbeauftragter des Auswärtigen Amts
Werderscher Markt 1
10117 Berlin
Germany

Tel.: + 49 30 18-17 0

Contact form

What data does the mission abroad process when I apply for a visa, and where do these data come from?

The categories of personal data that are processed include those requested in the visa application form. These generally include items such as your surname, first name, name at birth, date and place (including country) of birth, gender, nationality/nationalities, marital status, current address, telephone number, email address, occupation, travel document details (type of document, serial number, issuing state and authority, date of issue, expiry date), photograph and fingerprints.

Further information is required when applying for a national visa, e.g. information about your spouse/partner, your children, your parents; previous stays in the country; the purpose of the intended stay; any criminal record, expulsions, deportations; information about any illnesses.

The data in these categories are taken from the information you provide in the course of the visa application process.

What data does the mission abroad process when I provide an invitation letter for someone to use in their visa application, and where do these data come from?

The categories of personal data that are processed include those requested in the visa application form relating to the person issuing the invitation. These include, in particular, your surname and first name, address and email address.

The data in these categories are taken from the information provided by you in the invitation letter and by the applicant in the course of the visa application process.

Why are my data collected, and what happens if they are not?

Your data are collected as this is necessary to ensure that we can properly process the visa application and because it is required by law. If you apply for a visa, you are required under section 82 of the Residence Act (AufenthG) to provide the data and documentation needed for the processing of your application. If your data are not provided, your application may be rejected and the fee will not be refunded.

For what purposes and on what legal basis are my data processed?

Your personal data are processed solely in order to ensure the proper processing of the visa application.

The legal basis is provided by Art. 6 (1) (c) and (e) as well as Art. 6 (2) of the GDPR in conjunction with Regulation (EC) No. 767/2008 (VIS Regulation) and Regulation (EC) No. 810/2009 (Visa Code) including its Annexes, or in conjunction with sections 72a et seqq. of the Residence Act (AufenthG) and section 69 of the Ordinance Governing Residence (AufenthV), as well as the implementing regulation on the Central Register of Foreigners Act (AZRG-DV), the Visa Warning File Act (VWDG) and, if applicable, further special regulations or section 3 of the Federal Data Protection Act (BDSG 2018).

How long are my data used for?

Your data are deleted as soon as they are no longer required for the processing of the visa application. They are generally deleted two years after the process has concluded, and at the latest five years after the final decision on your application.

Who receives my data?

Your data are transmitted to third parties only where necessary to ensure the proper processing of the visa application. This may mean they are transmitted to the competent authorities in Germany, to visa offices and central authorities of other Schengen States or to the competent authorities at your place of habitual residence. Data are only transmitted to recipients outside the European Union if this is permissible under Chapter 5 of the GDPR.

If an external service provider is tasked with carrying out individual steps in the visa application process, your data are collected by or transmitted to this service provider where required for the completion of the process. The service provider receives applications for visas and forwards them to the Embassy or Consulate General. The service provider processes personal data on behalf of the Federal Foreign Office as a “processor” within the meaning of Article 28 of the GDPR. The Federal Foreign Office remains the controller responsible for the processing of data (see section 1 above for the controller’s name and contact information). The processor ensures that your data are processed in accordance with the requirements of the GDPR and the Federal Data Protection Act (BDSG 2018) and that your rights are protected. To this end, the Federal Foreign Office has a contract with the processor which includes the stipulations contained in Article 28 (3) of the GDPR and guarantees that your data will be handled with due care.

The data that you are asked to provide in the application form for a Schengen visa (C visa), as well as your photograph and fingerprints, and data relating to the decision on your application or a decision to annul, revoke or extend a visa, are entered into the European Visa Information System (VIS) and stored there for a maximum of five years. During this period, the visa authorities and the authorities responsible for checking visas at the external borders and in the territory of the member states, as well as the immigration and asylum authorities in the member states, have access to the data in order to check whether the conditions for legal entry into and legal stays in the territory of the member states are met. This enables them to identify persons who do not meet or no longer meet these conditions, to examine asylum applications and to determine which member state is responsible for any such examination. In order to prevent, detect and investigate terrorism and other serious crimes, specific member state authorities and Europol also have access to these data under certain conditions. The member state competent authority for data processing is the Federal Office of Administration (BVA):

Bundesverwaltungsamt
50728 Köln
Germany
Email: eu-zentrale-services@bva.bund.de

Further information on data processing in the VIS is available here.

Data are processed in the VIS in cooperation with the Federal Foreign Office. The Federal Office of Administration and the Federal Foreign Office (the “joint controllers”) have concluded an arrangement on their joint responsibility for the processing of personal data pursuant to Article 26 of the GDPR. Further information is available here.

If you would like to know what data relating to you are stored in the VIS and which member state transmitted these data to the VIS, you can request this information from the Federal Office of Administration here.

What data protection rights can I exercise?

As a “data subject” whose data have been collected, you have the following rights if the relevant conditions are met:

• Right of access (Article 15 of the GDPR)

• Right to rectification (Article 16 of the GDPR)

• Right to erasure (Article 17 of the GDPR)

• Right to restriction of processing (Article 18 of the GDPR)

• Right to data portability (Article 20 of the GDPR)

• Right to object to processing (Article 21 of the GDPR)

What data protection rights can I exercise?

You have the right to complain to a data protection authority about the processing of your personal data. The supervisory authority responsible for the Federal Foreign Office and the German missions abroad is the Federal Commissioner for Data Protection and Freedom of Information:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
Tel.: +49 228-997799-0

Email: poststelle@bfdi.bund.de

Website: www.bfdi.bund.de