Personal data protection
INFORMATION REGARDING THE PROTECTION OF PERSONAL DATA
In accordance with the requirements of on the processing of personal data and the protection of privacy in the electronic communications sector and Law No. 271 /2010 for the establishment, organization and functioning of the National Visa Information System and Romania's participation in the Visa Information System as a personal data controller, the Ministry of Foreign Affairs, with its registered office at 31, Aleea Alexandru, 1st district, Bucharest, Romania, must manage under secure conditions and only for the purposes specified below, well determined by the specific regulatory framework in force, the personal data that you provide us under the law about yourself, a member of your family or another person. Within the Ministry of Foreign Affairs, the designated personal data protection officer can be contacted at – dpo@mae.ro
The purpose of the data collection is to facilitate the reception and processing of applications for entry visas to Romania.
This information relates to the purpose of data collection for the processing and examination of applications for entry visas to Romania and the issuance of the requested visas. Data subjects of personal data processing for this purpose who choose to apply for an entry visa to Romania online via the national electronic portal for facilitating visa applications eViza - www.eviza.mae.ro are obliged to provide the data requested by the visa application forms*; refusal to provide the data contained in any of them will result in the inadmissibility of the visa application, which will not be processed at the diplomatic missions/consular offices of Romania.
The information recorded is intended for use by the operator and shall be communicated by the persons concerned, for retrieval from the eViza external electronic portal only to the diplomatic missions and consular posts of Romania.
According to the provisions of the GDPR, data subjects have the following rights with regard to the processing of their personal data:
- the right to be informed;
- the right to access the data;
- the right to rectify the data;
- the right to object;
- the right to erase the data;
- the right to restrict processing;
- the right not to be subject to an automated decision;
- the right to file a complaint with the controller (dpo@mae.ro), the National Supervisory Authority for Personal Data Processing http://www.dataprotection.ro/ and the right to take legal action.
In order to exercise the above-mentioned rights, you can access the official website of the Ministry of Foreign Affairs - www.mae.ro, from where requests to exercise these rights can be downloaded.
Should any of your details be inaccurate, please inform us as soon as possible. Your data communicated through the eVisa electronic portal will not be transferred abroad.
The legal basis for the processing of personal data for the purposes mentioned above is granted by the legislation in force, as follows:
European legislation:
• The (EC) Regulation No. 810/2009 of the European Parliament and of the Council of July 13th, 2009 establishing a Community Code on Visas (Visa Code), as subsequently amended and supplemented (at present, Romania fully applies the provisions of Article 3 of the Visa Code, with the Regulation becoming directly applicable from the date of our country's accession to the Schengen Area. Until the date of accession, the Visa Code is applied by Romania by way of recommendation, many of the provisions contained in this European normative act being mirrored in the national legislation);
• The (EC) Regulation No 767/2008 of the European Parliament and of the Council of July 9th, 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) as amended and supplemented and related legislation;
• The (EC) Regulation No 1987/2006 of the European Parliament and of the Council of December 20th, 2006 on the establishment, operation and use of the second-generation Schengen Information System (SIS II), as amended and supplemented;
• The Council Decision 2007/533/JHA of June 12th, 2007 on the establishment, operation and use of the second-generation Schengen Information System (SIS II), as amended and supplemented;
• The (EU) Regulation 2018/1806 of the European Parliament and of the Council of November 14th, 2018 listing the third countries whose nationals must be in possession of visas when crossing the external borders and those whose nationals are exempt from that requirement (codified text);
• The (EU) Regulation 2016/399 of the European Parliament and of the Council of March 9th, 2016 on the Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (encoded text);
• The EC Regulation No 1931 of December 20th, 2006 laying down rules on local border traffic at the external land borders of the Member States and amending the provisions of the Schengen Convention;
• The (EC) Council Regulation No 1030/2002 of June 13th, 2002 laying down a uniform format for residence permits for third-country nationals and (EU) Regulation 2017/1954 of the European Parliament and of the Council of October 25th, 2017 amending the (EC) Council Regulation No 1030/2002 laying down a uniform format for residence permits for third-country nationals.
National Legislation:
• Government Decision No 16 of January 12th, 2017 on the organization and functioning of the Ministry of Foreign Affairs, as amended;
• The Law for the amendment and completion of Law No 102/2005 on the establishment, organization and functioning of the National Authority for the Supervision of Personal Data Processing and for the repeal of Law No 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data;
• The Decision of the President of the ANSPDCP No 99/2018 on the termination of the applicability of certain regulatory acts of an administrative nature issued in application of Law No 677/2001 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as subsequently amended and supplemented, with effect from May 25th, 2018;
• Law No 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, as amended and supplemented;
• Law No 682/2001 on the ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, adopted in Strasbourg on January 28th, 1981;
• Law No 271/2010 on the establishment, organization and functioning of the National Visa Information System and Romania's participation in the Visa Information System (VIS Law);
• Law No 141/2010 on the establishment, organization and functioning of the National Signals Information System and Romania's participation in the Schengen Information System;
• The Emergency Ordinance of the Romanian Government No 194/2002 on the regime of foreigners in Romania, republished, with subsequent amendments and additions;
• The Order of the Minister of Foreign Affairs no. 1626/2017 for the amendment of the Annex to Order of the Minister of Foreign Affairs no. 1743/2010 for the approval of the revised list of states for whose citizens the invitation procedure for granting short-stay visas to enter the territory of Romania is required;
• Government Emergency Ordinance No 102/2005 on the free movement on the territory of Romania of citizens of the Member States of the European Union and the European Economic Area, republished, with subsequent amendments and additions;
•The visa activity falls within the competence of the Ministry of Foreign Affairs, according to the provisions of the Consular Regulation approved by the Government Decision no. 760/1999 with subsequent amendments and additions;
• Order no. 1132/2016 approving the Regulation on the organization, functioning and internal order of the Ministry of Foreign Affairs.
For the above purposes, the following categories of data will be processed:
• Data regarding the data subject: name, surname; domicile/residence, ID /Passport series and number, national ID/PIN, photo/image, marital status (including dependent minors), hobbies, habits, affiliations, financial data (account number, taxes).
• Data regarding family members: name and surname; sex; pseudonym / alias; date and place of birth; nationality; signature; data from civil status documents; data from driving license / registration certificate; pension file number; health insurance number; physical / anthropometric characteristics; telephone / fax; e-mail address; profession; place of work; training, diplomas, studies; family status; military status; economic and financial status, data on assets held; bank details; habits / preferences / behavior; address in Romania, information about the host.
• Special categories of data: processed only when necessary to justify the purpose of travelling to Romania and/or to prevent risks to national security, public order, morals and health. Only authorized persons have access to these categories of data, and they shall be recorded in visa applications only in cases where they are necessary for the above purposes, the knowledge of which is imperative for the fair processing of visa applications.
The personal data provided by you will be stored in accordance with the provisions of Art. 23-24 of the NVIS Act. These data are also transmitted to public authorities/institutions empowered by law to consult information on personal data or to decide on visa applications, in compliance with the provisions of the General Data Protection Regulation.
The sections of the visa application forms marked with an asterisk (*) do not have to be filled in by third-country nationals who are family members of citizens of the European Union, the European Economic Area and the Swiss Confederation (spouse, child or dependent ascendant).
** If you do not consent to the processing of your personal data and object to the processing, please note that your visa application becomes inadmissible and your data cannot be processed for the purpose of applying for a Romanian visa. At the same time, if you wish to have your personal data deleted, if you hold a valid visa obtained on the basis of those data at the time of your deletion request, your visa will be revoked. If no decision has been taken on the visa application, it cannot be further processed and it should also be noted that the fee for processing a visa application cannot be refunded. According to Article 20 of the GDPR, the data subject benefits from the right to data portability and according to Article 22 of the GDPR, from the right not to be subject to automated individual decision-making. Within the framework of the work in the field of visas, the data collected in relation to the examination and issuance of visas by the Ministry of Foreign Affairs operator, by virtue of its capacity as central competent authority, are not ported to other recipients, as the working procedures inherent to this field are clearly regulated by the European and national legislation in force, and it is not possible to use ported data. At the same time, the examination and issuance of a visa does not rely at any time on individual automated decision-making processes. Therefore, in relation to the application for entry visas to Romania, the exercise of these two rights by the persons concerned is irrelevant.
IMPORTANT INFORMATION:
Personal data of data subjects are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).
Personal data provided through the eVisa portal by citizens of states who need visas to travel to Romania are provided to the Ministry of Foreign Affairs and processed by this institution, for the well-defined purpose of processing, examining and issuing visas.
PROVIDING PERSONAL DATA THROUGH THE eVIZA PORTAL, IF YOU CHOOSE TO APPLY ONLINE:
Categories of persons concerned by the processing of personal data for the purpose of processing and issuing entry visas to Romania: third-country nationals falling within the scope of European and national legal instruments regulating visa policy, i.e. the regime of foreigners in Romania, by submitting Romanian visa applications, regardless of the purpose of the trip.
By using the external portal eViza - www.eviza.ro , at the time of starting the online visa application process, it is necessary to acknowledge and agree to the terms and conditions regarding the provision of your personal data for the purpose of processing and issuing visas for entry into Romania.
Personal data provided through the E-VIZA external portal will be used exclusively for the purpose of processing, examining and issuing entry visas to Romania. These data will be processed by the Ministry of Foreign Affairs only when the data subject has agreed to the terms and conditions relating to this aspect.
The Ministry of Foreign Affairs processes only the categories of personal data necessary for the examination of a visa application, as established at European Union level, for the purpose of issuing an entry visa to Romania. The Ministry of Foreign Affairs does not request and does not process personal data relating to racial or ethnic origin, political, religious, philosophical or similar beliefs, trade union membership and personal data relating to health or sex life, outside the regulatory framework establishing the visa policy.
DETAILS OF INTEREST:
- All personal data requested through the forms in the external E-VIZA portal will be made available to the diplomatic missions and consular offices of Romania to which the data subject chooses to present him/herself.
- The data in the external portal is stored on a secure central server belonging to the Romanian Ministry of Foreign Affairs. When a visa file is sent to a diplomatic mission/consular office of Romania, it will be transferred to the internal E-VIZA portal and stored on a secure central server in the internal network of the Romanian MFA. At this point, the personal data in the external portal will be transferred in its entirety to the secure network of the Ministry of Foreign Affairs and will no longer be available online.
- When a visa applicant does not complete an application file, his/her personal data filled in the external portal up to a certain point will be stored on the central server of the Ministry of Foreign Affairs for the external portal for a period limited to 30 days. At the end of this period, the uncompleted file and all the data filled in the file will be automatically deleted and will no longer be available online.
- The personal data provided through the visa application files filled in the E-VIZA portal will be made available exclusively to the competent Romanian authorities and processed by them, where appropriate, for the purpose of making a decision on the visa application submitted through this portal. These data may be entered and stored in databases accessible only to the Romanian authorities competent in visa matters, in accordance with the national legislation in force.
- The identity of the controller: the Ministry of Foreign Affairs of Romania.
- Purpose for which data processing is carried out: exclusively for processing and examining visa applications submitted by third-country nationals subject to a visa requirement to travel to Romania, and for issuing entry visas to Romania.
- Storage period of personal data provided: according to the provisions of Article 23 and 24 of the NVIS Act.
- Recipients of personal data provided for the purpose of applying for entry visas to Romania: exclusively the competent national authorities provided for in Article 30 of Government Emergency Ordinance No 194/2002 on the regime of foreigners in Romania, republished, as amended and supplemented.
- Visa applicants who do not consider it appropriate to provide the personal data required for filling in the standard visa application forms should bear in mind that refusal to provide all the necessary data may lead to the inadmissibility of the visa application or, where appropriate, to the refusal to grant the requested visa, the revocation of a visa already obtained, etc.