Request to international database

Visa Information System (VIS)

In order to process visa applications for short-stays in Schengen countries, a central register of personal data contained in the visa form, fingerprints and facial images of visa applicants has been established in the European Union. Estonian Data Protection Inspectorate monitors whether the authorities comply with regulations when processing and collecting data.

The Visa Information System (VIS) is a system for the exchange of visa data between EU Member States, the purpose of which is to facilitate visa application procedures, prevent visa fraud, facilitate both border and identity checks on the territory of the Member States and contribute to the prevention of threats to the internal security of any Member State. To this end, the VIS is the central repository for data on short-stay Schengen visas, which is a central database of personal data contained in the visa form, fingerprints and facial images of persons applying for short-stay visas in the Schengen area.

The Visa Information System, which is used by Member States' consulates around the world, allows Member States to exchange information on short-stay visas in Schengen countries. 

Detailed rules for the use of the VIS are set out in the VIS Regulation.

The maximum possible retention period for the data entered is 5 years. The retention period starts:

• At the expiry date of the visa, if issued;

• At the end of the new validity period of the visa, if extended;

• On the date of creation of the application file in the VIS in the event of withdrawal, closure, or interruption of the processing of the visa application; or

• On the date when the visa-issuing authority made the corresponding decision in the event of refusal to issue a visa, its invalidation, shortening or cancellation.

Your rights
If data regarding you has been entered in the VIS, you have the right to know what data has been entered, including which Member State has provided this data to the VIS. You have the right to have factually inaccurate data corrected and to request the deletion of data unlawfully entered in the VIS.

If you want to find out which data concerning you has been included in the VIS, or request data relating to you which are inaccurate to be corrected and the data unlawfully recorded to be deleted, you can submit a request to the Estonian Data Protection Inspectorate or the Police and Border Guard Board (the authority responsible for processing your data).

In your request, please include:

• the authority that entered the data concerning you;

• everything concerning the data in question (type of data, information on where and how you found out about your data in the VIS, etc);

• the data you want to have deleted or corrected (if this is the purpose of the request).

In addition, the request must state the name, date of birth and citizenship of the applicant and be signed. For proof of identity, the request must be digitally signed.

A suitable response must be provided by data controller or supervisory authority without undue delay and in any case within one month after submitting the request. 

VIS supervision

The European Data Protection Supervisor (EDPS) monitors that the processing of information in the VIS at EU level is carried out in accordance with the VIS rules. National Data Protection Authorities (DPAs) monitor the lawfulness of the processing of personal data in the Member States, including the transmission of personal data to and from the VIS. The supervisory responsibility of the national supervisory authorities derives from Article 41 of the VIS Regulation.

The Data Protection Inspectorate is the supervisory authority for personal data processing in the VIS. 

On the basis of Article 43 of the VIS Regulation, the National Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall actively cooperate with each other in the framework of their respective responsibilities and shall ensure coordinated supervision of the VIS and the national systems (VIS SCG). 

Complaints

If the answer to the application is negative or unsatisfactory, you have the right to lodge a complaint with the Data Protection Inspectorate or an administrative court. Filing a complaint with the Data Protection Inspectorate is free of charge. More information on the right of access to personal data here. 

Customs Information System (CIS)Customs Information System (CIS)

The Customs Information System (CIS) is a system established within the European Union to handle customs data in the Schengen countries, which facilitates fraud prevention by allowing Member States' customs authorities to share information. The Data Protection Inspectorate monitors the authorities' compliance with the requirements set out below when processing and collecting data. 

The Customs Information System (CIS) is a system for the pooling of customs information between Member States for the purpose of preventing, investigating and prosecuting offences relating to customs or agricultural regulation. For this purpose, the CIS is the central repository of Schengen customs information, which is a central database of data on goods, means of transport, businesses and persons involved in offences passing through Schengen area customs.

The Customs Information System, used by the customs authorities of the Member States, allows Member States to exchange information on customs data from Schengen countries. Detailed rules for the use of the Customs Information System are laid down in the CIS Regulation.

The maximum possible retention period for the data entered is 10 years. 

Your rights

If data regarding you has been entered in the CIS, you have the right to know what data has been entered, including which Member State has provided this data to the CIS. You have the right to have factually inaccurate data corrected and to request the deletion of data unlawfully entered in the CIS.

If you want to find out which data concerning you has been included in the CIS, or request data relating to you which are inaccurate to be corrected and the data unlawfully recorded to be deleted, you can submit a request to the Estonian Data Protection Inspectorate or the Tax and Customs Board. 

In the request, please include:

• the authority that entered the data concerning you;

• everything concerning the data in question (type of data, information on where and how you found out about your data in the CIS, etc.);

• the data you want to have deleted or corrected (if this is the purpose of the request).

In addition, the application must state the name, date of birth and citizenship of the applicant and be signed. For proof of identity, the application must be digitally signed.

CIS supervision

The European Data Protection Supervisor (EDPS) monitors that the processing of information in the CIS at EU level is carried out in accordance with the CIS rules. The national data protection authorities monitor that the processing of personal data in the CIS is carried out in a lawful manner. The supervisory responsibility of the national supervisory authorities derives from Article 24 of the CIS Regulation.

The Data Protection Inspectorate is the supervisory authority for personal data processing in the CIS.

On the basis of Article 26 of the CIS Regulation, the Joint Supervisory Authority, composed of the national supervisory authorities, and the European Data Protection Supervisor (EDPS), each acting within the scope of their respective competences, actively cooperate with each other in the framework of their respective responsibilities and ensure coordinated supervision of the CIS, including the issuing of relevant recommendations (CIS SCG).

Complaints

If your request is not granted, you have the right to lodge a complaint with the Data Protection Inspectorate or an administrative court. Filing a complaint with the Data Protection Inspectorate is free of charge. More information on the right of access to personal data. 

Schengen Information System (SIS II)

To ensure the security of Schengen countries and impede criminal activity, the European Union has set up a central entry refusal register. The Data Protection Inspectorate monitors the authorities' compliance with the requirements set out below when processing and collecting data.

The Schengen Information System (SIS) is a system for the exchange of data between Member States on refusals of entry, the purpose of which is to ensure public order, security, and the free movement of persons within the Schengen area by refusing entry or visa applications to persons on the SIS refusal of entry list. For this purpose, the SIS is the central refusal of entry repository for the Schengen visa area, which is a central database containing the personal data of persons on the Schengen area's refusal of entry list. 

The Schengen Information System, which is used by the police and customs services of the Member States, allows Member States to enter alerts on certain categories of wanted or missing persons and objects. 

Detailed rules for the use of the Schengen Information System are set out in the SIS II Regulation and SIS Decision. 

It is important to point out, that due to SIS II Recast, SIS II will start to operate on the basis of the following regulations:

• Regulation (EU) 2018/1860 (illegally staying third country nationals);

• Regulation (EU) 2018/1861 (border control);

• Regulation (EU) 2018/1862 (police cooperation).

Your rights
If data regarding you has been entered in the SIS II, you have the right to know what data has been entered, including which Member State has provided this data to the SIS II. You have the right to have factually inaccurate data corrected and to request the deletion of data unlawfully entered in the SIS II.

If you want to find out which data concerning you has been included in the SIS II, or request data relating to you which are inaccurate to be corrected and the data unlawfully recorded to be deleted, you can submit a request to the Estonian Data Protection Inspectorate or the Police and Border Guard Board (the authority responsible for processing your data). 

In your request, please include:

• the authority that entered the data concerning you;

• everything concerning the data in question (type of data, information on where and how you found out about your data in the SIS II, etc.);

• the data you want to have deleted or corrected (if this is the purpose of the request).

In addition, the application must state the name, date of birth and citizenship of the applicant and be signed. For proof of identity, the application must be digitally signed.

SIS Supervision

The European Data Protection Supervisor (EDPS) monitors that the processing of information in SIS II at EU level is carried out in accordance with the SIS II rules. National data protection authorities monitor the lawfulness of the processing and transmission of personal data contained in SIS II on their territory or from their territory, as well as the exchange and further processing of supplementary information. The supervisory responsibility of the national supervisory authorities derives from Article 44 of the SIS II Regulation.

The Data Protection Inspectorate is the national supervisory authority for personal data processing in the SIS II. 

Pursuant to Article 46 of the SIS II Regulation, the National Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall actively cooperate with each other within the framework of their respective responsibilities and shall ensure coordinated supervision of the SIS II (SIS II SCG).

Complaints

If your request is not granted, you have the right to lodge a complaint with the Data Protection Inspectorate or an administrative court. Filing a complaint with the Data Protection Inspectorate is free of charge. More information on the right of access to personal data.