Welcome

Data protection in the visa application process

A USB stick and a combination lock on a computer keyboard

Data protection, © colourbox.de

Article

Information in accordance with Art. 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation)

Who is responsible for processing my data, and who is the Data Protection Commissioner?

Responsibility for processing the data lies with the Embassy of the Federal Republic of Germany in Valletta, Whitehall Mansions, 3rd Floor, Ta’Xbiex, XBX 1026, Malta; e-mail: info@valletta.diplo.de; phone +356 2260 4000 and the Federal Foreign Office (postal address: Federal Foreign Office, 11013 Berlin, Germany).

You can contact the Federal Foreign Office Data Protection Commissioner as follows:
Werderscher Markt 1
10117 Berlin
Germany
Email
Tel.: + 49 30 5000 2711
Fax: + 49 30 5000 5 1733

What data does the mission process when I apply for a visa, and where do the data come from?

The categories of personal data to be processed include data requested in the visa application form. These generally include, in particular, your surname, name at birth, first name, date and place (including the country) of birth, gender, nationality/nationalities, marital status, current address, telephone number, email address, occupation, details of your travel document (type of document, serial number, issuing state and authority, date of issue, expiry date), your photograph and fingerprints.

The data in these categories derive from the information you provide in the course of the visa application process.

What data does the mission process when I issue a letter of invitation for someone to use to apply for a visa, and where do the data come from?

The categories of personal data to be processed include data relating to the person issuing the invitation as requested in the visa application form. These include, in particular, your surname and first name, address, fax number and email address.

The data in these categories derive from the information provided by you in the invitation letter and by the applicant in the course of the visa application process.

Why are my data collected, and what happens if they are not?

Your data are collected as this is necessary for the proper processing of the visa application and is required by law. If you apply for a visa, you are required under section 82 of the Residence Act (Aufenthaltsgesetz) to provide the data required for the processing of the application and to make available the necessary information. If your data are not provided, your application may be rejected and the fee retained.

For which purposes and on which legal basis are my data processed?

Your personal data are processed solely in order to ensure the proper completion of the visa application.

The legal basis is provided by Art. 6 (1) (c) and (e) and (2) of Regulation (EU) 2016/679 (General Data Protection Regulation) in combination with Regulation (EC) No. 767/2008 (VIS Regulation) and Regulation (EC) No. 810/2009 (Visa Code) including its Annexes, and Sections 72a ff. of the Residence Act and Section 69 of the Ordinance on residence, as well as the implementing regulation on the Central Register of Foreigners Act (AZRG-DV), the Visa Warning File Act (VWDG) and further special regulations as appropriate or Section 3 of the Federal Data Protection Act (BDSG 2018).

How long are my data used for?

Your data are deleted as soon as they are no longer required for completion of the visa application procedure. They are generally deleted two years after the visa procedure has been concluded, but at the latest five years after the final decision on the visa application.

Who receives my data?

Your data are transferred to third parties only where necessary for the proper processing of the visa application. As part of this procedure, your personal data may be passed to the competent authorities in Germany, to the responsible visa offices of other Schengen member states or to the responsible authorities in your place of habitual residence. In the event that an external service provider is tasked with the performance of individual steps in the visa application process, your data will be collected by or transmitted to such service provider insofar as this is required in order to complete the process. Data are only transmitted to recipients outside the European Union if this is permissible in accordance with Chapter 5 of the GDPR. Applications for visas are received by our external visa service provider, including Visametric, VFS Global, BLS and TLS and forwarded to the Embassy or Consulate General. This visa service provider processes personal data on behalf of the Federal Foreign Office as a “processor” within the meaning of Article 28 of the GDPR. The Federal Foreign Office remains responsible for the processing of data (see above for the controller’s name and contact information). The processor will ensure that your data is processed in accordance with the requirements of the GDPR and the Federal Data Protection Act and that the protection of your rights is guaranteed. To this end, the Federal Foreign Office has concluded a contract with the processor which incorporates the stipulations contained in Article 28 (3) of the GDPR and guarantees that your data will be handled with due care.

What data protection rights can I invoke as a data subject?

You can request information about the personal data stored about you from the abovementioned entities responsible for data processing. In addition, under certain conditions, you can request that your data are corrected, erased or that processing is restricted. Further, under certain conditions, you can object to the processing of your data.

Where can I file a complaint?

You have the right to file a complaint about the processing of your personal data with a data protection authority, particularly in the member state in which you have your place of residence or employment or in the place where the alleged breach of data privacy occurred.

Top of page