PERSONAL DATA PROTECTION I. Terms related to the protection of personal data For better understanding of the text on the rights of data subjects with respect to the protection of personal data, we provide an explanation of the terms used, as defined by Act No. 428/2002 Coll. on the Protection of Personal Data as amended: Personal data: Data relating to an identified or identifiable natural person, while such person is one that can be identified, directly or indirectly, in particular by reference to one or more characteristics or factors specific to his physical, physiological, psychic, mental, economic, cultural or social identity. Information system: Any structured file, system or database containing one or more personal data systematically processed for the needs of achieving a purpose according to specific criteria and conditions, while using automated, partially automated or other than automated means of processing (e.g. card index, list, register, files, records, documents, contracts, assessments, etc.) Note: intentionally abbreviated Authorised person Any natural person who comes into contact with personal data in the context of their employment, civil service, service relationship or membership, based on authorisation, election or appointment or in the context of the performance of a public office, who may process personal data only upon instruction of the controller, controller s representative or processor. Every such person is instructed about the principles of processing personal data in accordance with the personal data protection act. Data subject: Any natural person whose personal data are being processed. Responsible person: A person appointed by the controller to oversee adherence to legal regulations in the processing of personal data. Controller: A state administration authority, territorial self-government authority, other public authority body or a legal or natural person that alone or jointly with others determines the purposes and means of the processing of personal data. 1
II. The rights of data subjects Article 1 Legislative framework of the protection of personal data: The protection of personal data in the Slovak Republic is governed by Act No. 428/2002 Coll. on the Protection of Personal Data as amended (hereinafter referred to as the personal data protection act ). The oversight of the protection of personal data is carried out by the Personal Data Protection Office (hereinafter referred to as the Office ), which is a state administration authority with national competence. Article 2 The position of the Ministry of Foreign Affairs of the Slovak Republic with respect to the processing of personal data. Being a central state administration authority for the area of foreign policy, the Ministry of Foreign Affairs of the Slovak Republic (hereinafter referred to as the MFA SR ) is a controller of information systems processing personal data of nationals of the Slovak Republic, as well as nationals of other states, who have for any reason entered into contact with the MFA SR or its offices abroad (diplomatic missions and their consular departments, General Consulates) and provided their personal data for purposes defined by law. Consular offices at individual Slovak diplomatic missions and General Consulates abroad process personal data of data subjects in the context of their administrative activities and the data are processed by instructed personnel authorised to process these data. Documents containing personal data of data subjects are delivered, using a standard procedure, to the relevant public administration authorities for further processing according to the individual types of administrative activities (e.g. register offices - Act No. 154/1994 Coll. on Registry offices; passports Act No. 381/1997 Coll. on Passports; residence of foreigners in Slovakia Act No. 404/2011 Coll. on the Residence of Foreigners and on Amendment and Supplementation of Certain Laws, etc.). The principle of legality is applied in the processing of personal data at the MFA SR and its offices. MFA SR guarantees the fair and legal processing of personal data of each data subject and these data are acquired only to an extent and for a purpose explicitly defined by law. The personal data acquired are processed in compliance with the principles of ethic conduct and the MFA SR refrains from acting in a way that would be at variance with or evade this act or any other generally binding legal regulations. Article 3 The rights of a data subject Under 20 of the personal data protection act, every data subject is entitled to request in writing from a controller of information systems (including the MFA SR): a) information about the state of processing of his personal data in the information system in a generally intelligible form and to the extent specified under 26 (3) of the personal data protection act, b) exact information, in a generally intelligible form, about the source from which it obtained his personal data for processing, 2
c) a copy of his personal data, in a generally intelligible form, which constitutes the subject of processing, d) correction of inaccurate, incomplete or outdated information, which constitutes the subject of processing, e) destruction of his personal data, provided that the purpose of processing these data under 13 (1) has been served. If the subject of the processing of data is an official document containing personal data, he may request that it be returned, f) destruction of his personal data, which constitute the subject of processing, provided that the personal data protection act has been breached. The rights of a data subject under 20 (1) d) and e) of the personal data protection act can be restricted only if such a restriction is stipulated by a special act or if application of the right would breach the protection of a data subject or breach the rights and freedoms of other persons. Restriction of the rights of data subjects under 20 (1) d) and e) of the personal data protection act will be immediately reported by the controller in writing to the data subject and to the Office. Article 4 The responsible person and his obligations with respect to the application of the rights of data subjects Under 19 of the personal data protection act, a person responsible for the oversight of the protection of personal data has been appointed. In addition to other tasks, this person also ensures the processing of requests of data subjects related to the application of their rights under 20 to 22 of the personal data protection act. The controller is obliged to meet the requests of data subjects under 20 of the personal data protection act and inform the data subject in writing within 30 days of receipt of the request. You can send your requests related to the application of your rights in writing or electronically to: Ministerstvo zahraničných vecí Slovenskej republiky Hlboká cesta 2 833 36 Bratislava Slovak Republic Tel.: + 421 2 5978 1111 e-mail: info@mzv.sk If the data subject is unsatisfied with the course and method of processing his request related to the exercise of his rights under 20 of the personal data protection act, he is entitled to turn to the Office: www.dataprotection.gov.sk. 3
III. Information on the rights related to the protection of personal data When submitting an application for visa, the data subject gives his consent to the processing of his personal data by signing the visa application. The wording of the consent in the visa questionnaire reads as follows: I am aware of and consent to the following: the collection of the data required by this application form and the taking of my photograph and, if applicable, the taking of fingerprints, are mandatory for the examination of the visa application; and any personal data concerning me which appear on the visa application form, as well as my fingerprints and my photograph will be supplied to the relevant authorities of the Member States and processed by those authorities, for the purposes of a decision on my visa application. Such data as well as data concerning the decision taken on my application or a decision whether to annul, revoke or extend a visa issued will be entered into, and stored in the Visa Information System (VIS)** for a maximum period of five years, during which it will be accessible to the visa authorities and the authorities competent for carrying out checks on visas at external borders and within the Member States, immigration and asylum authorities in the Member States for the purposes of verifying whether the conditions for the legal entry into, stay and residence on the territory of the Member States are fulfilled, of identifying persons who do not or who no longer fulfil these conditions, of examining an asylum application and of determining responsibility for such examination. Under certain conditions the data will be also available to designated authorities of the Member States and to Europol for the purpose of the prevention, detection and investigation of terrorist offences and of other serious criminal offences. The authorities of the Member State responsible for processing the data are: Ministry of Foreign Affairs of the Slovak Republic, Hlboká cesta 2, 833 36 Bratislava and Ministry of Interior of the Slovak Republic, Border and Alien Police Bureau, Vajnorská 25, 812 72 Bratislava. I am aware that I have the right to obtain in any of the Member States notification of the data relating to me recorded in the VIS and of the Member State which transmitted the data, and to request that data relating to me which are inaccurate be corrected and that data relating to me processed unlawfully be deleted. At my express request, the authority examining my application will inform me of the manner in which I may exercise my right to check the personal data concerning me and have them corrected or deleted, including the related remedies according to the national law of the State concerned. The national supervisory authority of that Member State that will hear claims concerning the protection of personal data is: The Office for Personal Data Protection of the Slovak Republic, Odborárske námestie 3, 817 60 Bratislava. I declare that to the best of my knowledge all particulars supplied by me are correct and complete. I am aware that any false statements will lead to my application being rejected or to the annulment of a visa already granted and may also render me liable to prosecution under the law of the Member State which deals with the application. 4
I undertake to leave the territory of the Member States before the expiry of the visa, if granted. I have been informed that possession of a visa is only one of the prerequisites for entry into the European territory of the Member States. The mere fact that a visa has been granted to me does not mean that I will be entitled to compensation if I fail to comply with the relevant provisions of Article 5(1) of Regulation (EC) No 562/2006 (Schengen Borders Code) and I am therefore refused entry. The prerequisites for entry will be checked again on entry into the European territory of the Member States. IV. Further information with regard to the protection of personal data More detailed information with regard to the protection of personal data, including the personal data protection act and European regulations, as well as answers to frequently asked questions, can be found on the Office s website at www.dataprotection.gov.sk, or you can contact the Office at: Úrad na ochranu osobných údajov Slovenskej republiky Odborárske námestie 3 817 60 Bratislava Slovenská republika Tel.: + 421 2 502 39 418 e-mail: statny.dozor@pdp.gov.sk Other issues associated with the residence of foreigners in Slovakia in relation to the processing of personal data after the submission of a visa application are regulated by Act No. 404/2011 Coll. on the Residence of Foreigners and on Amendment and Supplementation of Certain Laws. 5