Version 1.2, 28th March 2022
Legal basis and meaning
Legislation is necessary to protect people’s privacy. In May 2018 the General Data Protection Regulation (GDPR) came into force in all European Union member states. In the Netherlands this Regulation replaced the Personal Data Protection Act (WBP).
The GDPR regulates the protection of personal data, i.e. information that can be traced back to an individual. The aim is to ensure that people know who is processing their data, what data is being processed and for what purpose.
How does the Ministry of Foreign Affairs (BZ) handle your personal data?
Because the work done at BZ often entails working with personal data, it is important to ensure that people’s privacy is protected and that privacy legislation is complied with at all times. The statement below explains how BZ ensures this.
Information about your visa application
Why we need information about you
To assess your visa application, we need information from you. You provide this information on the visa application form. Without this information no decision can be made on your visa application. You will only be asked for information that is needed to make this decision.
The information you need to fill in relates to yourself and your sponsor, if you specify one. BZ uses this information to make a decision on your visa application, which is one of its public tasks
Sharing your personal data with third parties
The details you fill in on the visa application form and information regarding the decision on your application or, if relevant, the decision to cancel, revoke or extend your visa are entered into the National Visa Information System (NVIS) and the European Visa Information System (VIS).
It is important that your application is properly assessed. For this purpose the personal details on your visa application form, as well as your fingerprints and photo, are shared with the competent authorities in the other EU member states before a decision is made. Information entered in VIS can be accessed by visa authorities, by the authorities competent to carry out visa checks at external borders and within member states, and by member states’ immigration and asylum authorities.
Information is shared so that authorities can check whether the conditions for lawful entry into and lawful residence within the territory of the member states have been met, to determine which individuals do not or no longer meet these conditions, and to investigate an asylum application and establish who is responsible for carrying out thisinvestigation. Under certain conditions, Europol and designated authorities in the member states also have access
to the information, in order to prevent, detect and investigate terrorist offences and other serious crime.
When you use our services, such as when applying for a Schengen visa, we may share some of your personal data with third parties. This takes place in countries where the Dutch Ministry of Foreign Affairs cooperates with External Service Providers for handling your visa application. The ministry works together with two companies in this ; TLScontact (only in China) and VFSglobal (in the rest of the world). Both companies also work for other Schengen Member States.
When we process your Schengen visa application (National Visa Information System), we engage external parties (Processors) form the it-sector, for both the management of the systems being used, and also for hosting the computer servers required for this purpose. These parties are located in the Netherlands in respectively Utrecht and Amsterdam. When we share your personal data with Processors, we ensure that your personal data is protected in accordance with the GDPR and this Privacy Statement through the Processor Agreements we have entered into with our third parties.
To ensure that your visa application is assessed as quickly and effectively as possible, BZ uses a method based on data analysis called Information-Supported Decision-Making. This method involves comparing the information provided in your visa application with information held in a specially designed secure database called the BZ Application Assessment Database (BAO). A special factsheet has been drawn up to explain which information is used and how it is processed.
You are entitled to ask what information about you is stored in NVIS and BAO. You are also entitled to correct incorrect information and request that information be removed, subject to statutory provisions. You can apply to individual member states to find out what information about you is stored in the VIS and to exercise your other rights. Finally, you are entitled to object to your personal data being entered into databases.
Retention period for personal data
Your personal data will be stored in NVIS, BAO and VIS for up to five years.
If you have any questions or requests concerning your personal data, please write to: Ministry of Foreign Affairs, Consular Affairs and Visa Policy Department (DCV), P.O. Box 20061, 2500 EB Den Haag.
You may also submit a question or complaint regarding the processing of your personal data to the national supervisory authority: Data Protection Authority, P.O. Box 93374, 2509 AJ Den Haag.