Visa Information System
The Visa Information System (VIS) allows Schengen States to exchange visa data. It consists of a central IT system and of a communication infrastructure that links this central system to national systems. VIS connects consulates in non-EU countries and all external border crossing points of Schengen States. It processes data and decisions relating to applications for short-stay visas to visit, or to transit through, the Schengen Area. The system can perform biometric matching, primarily of fingerprints, for identification and verification purposes.
Data is fed into the VIS by national authorities. The authorities with access to VIS must ensure that its use is limited to that which is necessary, appropriate and proportionate for carrying out their tasks. Furthermore, they must ensure that in using VIS, the visa applicants and holders are not discriminated against and that their human dignity and integrity are respected.
What kind of data is stored in the VIS database?
10 fingerprints and a digital photograph are collected from persons applying for a visa. These biometric data, along with data provided in the visa application form, are recorded in a secure central database.
10-digit finger scans are not required from children under the age of 12 or from people who physically cannot provide finger scans. Frequent travellers to the Schengen Area do not have to give new finger scans every time they apply for a new visa. Once finger scans are stored in VIS, they can be re-used for further visa applications over a 5-year period.
At the Schengen Area's external borders, the visa holder's finger scans may be compared against those held in the database. A mismatch does not mean that entry will automatically be refused - it will merely lead to further checks on the traveller’s identity.
In accordance with Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) data is stored in the VIS database if:
- it is entered immediately upon application (Art.9)
- stored once a visa is issued (Art.10);
- the visa request examination process is discontinued (Art.11);
- the visa was refused (Art.12);
- the visa was revoked (Art.13);
- the visa is extended (Art.14).
Data stored into the database concerns the identity of the authority examining the application, elements (like date, type of the visa) on the application process itself, the name of the applicant, the purpose of the travel, the length of the stay, a photography and a fingerprint.
Data is kept in the VIS system for up to 5 years, but if the data subject obtains a Member State's citizenship, his record must be erased immediately.
Which countries use VIS and who operates it?
As a Schengen instrument, VIS applies to all Schengen States (Denmark has decided to implement it). The EU Agency for large-scale IT systems, eu-LISA, is responsible for the operational management of VIS.
Who can access VIS?
Competent visa authorities may consult the VIS for the purpose of examining applications and decisions related thereto.
The authorities responsible for carrying out checks at external borders and within the national territories have access to search the VIS for the purpose of verifying the identity of the person, the authenticity of the visa or whether the person meets the requirements for entering, staying in or residing within the national territories.
Asylum authorities only have access to search the VIS for the purpose of determining the EU State responsible for the examination of an asylum application.
In specific cases, national authorities and Europol may request access to data entered into the VIS for the purposes of preventing, detecting and investigating terrorist and criminal offences. (see Council Decision 2008/633/JHA of 23 June 2008 for further information).
What are the data subject's rights?
Visa applicants must be given appropriate information from the national authorities that handle their request for a visa. This information should cover the nature of the data that is collected, the purpose of the collection, the period of retention of the data, which information is compulsory for the visa application process and which one isn't, and who can be granted access to this data.
Data subjects have a right to access their data, and ask for correction of false information as well as request deletion of unlawfully collected data. Each State being responsible for the data it feeds into the VIS, data subjects who are victims of unlawful VIS data processing may sue for compensation.
National data protection authorities and the European Data Protection Supervisor (EDPS) cooperate to ensure the compliance of the VIS database with data protection rules.
In accordance with EU and Hungarian law, each person has the right to:
- access VIS-stored information related to the person
- request the correction of inaccurate or false data
- request the removal of its unlawfully processed data
- turn to the courts or another competent authority to request the correction or removal of inaccurate data or petition for compensatory damages
WHEN IN HUNGARY
The request has to be lodged in Hungary to the National Directorate-General for Aliens Policing
H-1117 Budapest, Budafoki út 60,
The authority has the right to refuse requests but is obliged to inform the person about the fact of and the reason for denial. Should you find that the authority is not adequately responsive to your request, you then may turn to the Hungarian National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf.: 5.
Office address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Tel: +36 1 391-1400
Fax: +36 1 391-1410