Privacy policy for the processing of personal data during the acceptance and examination of visa applications, and ensuring the appeal of the decisions taken   

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – Regulation), please be informed about the processing of personal data in the process of submission and processing of visa applications. 

 

Controller

The Ministry of the Foreign Affairs of Latvia, Reg. No: 90000069065, K. Valdemāra iela 3, Rīga LV-1395, e-mail: mfa.cha@mfa.gov.lv, hereinafter – Controller.

Contact details of the Data Protection Officer

Correspondence to be addressed to the Data Protection Officer at K. Valdemāra iela 3, Rīga, LV-1395

e-mail: datu.aizsardziba@mfa.gov.lv.

Purpose of the processing of data

Personal data are processed for the purpose of ensuring the examination of visa applications, taking a decision on the issuance of a visa, and the process of appeal against the decisions taken.

 

Personal data that are processed

In order to receive a visa for entry into the Republic of Latvia or the territory of the Schengen Agreement Member States (hereinafter – Schengen Area), you must complete a form in which the following information must be indicated: given name, surname, identification number, address, contact details, marital status, identity document information, employer, professional experience, purpose of entry, financial information and other information substantiating the purpose of your entry into the territory of the Member States.

In addition, biometric data shall be provided, or information shall be indicated on the biometric data provided earlier. In order to verify your compliance with the conditions for issuing a visa, you may be asked to provide additional supporting documents, such as health information, if the purpose of entry is medical treatment, information on criminal record (or absence thereof), etc. Also, additional information may be obtained during the examination of your application from the databases of our co-operation partners – the Border Guard, law enforcement authorities, other countries (e.g., via the Visa Information System) in order to ascertain that you have no obstacles to entry into the Republic of Latvia or the Schengen Area and that the information provided in your application is accurate.

 

Legal basis for the processing of data

The legal basis for the processing of personal data is provided in points (c) and (e) of Article 6(1) of the Regulation, namely, for the performance of delegated functions in compliance with the provisions of Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) and the provisions of the Immigration Law and the Cabinet Regulation No 676 of 30 August 2011, Visa Regulations, adopted pursuant to the said law. 

In order to ensure a comprehensive process of examination of the visa application and legal interests of the Controller, the information obtained during the process of examination of the visa application may be used to provide evidence that your application has been examined and evaluated in accordance with the requirements of laws and regulations. The legal basis for such processing is the legitimate interests pursued by the controller or by a third party, according to point (f) of Article 6(1) of the Regulation.

 

Who will receive your personal data

The processing of your personal data will be performed by duly authorised employees of the Controller in accordance with the scope specified in their work duties, observing the requirements specified in laws and regulations governing personal data protection and other fields, as well as the requirements for the processing of personal data specified in the internal regulations of the Controller.

Personal data can be handed over to:

  • the external service providers to the controller, i.e., visa centres which ensure receipt of your application and handing over of the decision together with your travel document;
  • law enforcement and control authorities;
  • the Office of Citizenship and Migration Affairs, including information on your application in the Visa Information System;
  • courts, for example, in appealing against a decision taken by the Ministry;
  • visa processing authorities of other Schengen Area Member States who are using the Visa Information System.

The Controller would like to inform you that you can find out about the safeguards that ensure the security of your personal data when transferring them to a third country (e.g., to a cooperation partner in your home country, where you applied for a visa) by contacting the diplomatic mission.

 

How long your personal data are stored

Pursuant to external regulatory enactments, if the visa has been issued, the Controller shall keep the visa application documents submitted by you for one year; they then shall be transferred to the Office of Citizenship Migration Affairs. However, in the case of a visa denial, your application will be kept for five years and then destroyed. Information that has been entered into the national Visa Information System electronically, is stored by the administrator of the relevant system – the Office of Citizenship and Migration Affairs. In the event of a dispute concerning the documents or information provided by you, all relevant information may be retained until the final ruling of the court and its enforcement.

 

Your rights as a data subject

Right of access.  

You have the right to access your personal data and to obtain from the Controller information on the processing of your personal data. You can request the Controller to provide you with information on the processing of your personal data if you think that information given under the present Privacy Policy is not comprehensive enough.

Right to rectification.

If you have noticed inaccuracies in your personal data, you have the right, by sending a respective request, to obtain from the Controller the rectification of inaccurate data concerning you.

Right to erasure (‘right to be forgotten’). You have the right to obtain from the controller the erasure of your personal data in the following cases: if the personal data are no longer necessary in relation to the purposes set out in the privacy policy for which they were processed; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation. The erasure of personal data is impossible if the Controller is subject to a legal obligation to process your personal data or if the Ministry cannot be recognised as Controller in relation to keeping your personal data, e.g., the data entered into electronic information systems.

Likewise, erasure of data is impossible if the processing of personal data is necessary for the establishment, exercise or defence of legal claims.  

Right to restriction of processing. You have the right to obtain from the Controller restriction of processing if: you are contesting the lawfulness or accuracy of the processing of the data; you believe that the processing is unlawful, but you oppose the erasure of those personal data; your data are no longer needed for definite purposes but you need them for the defence of your legal interests and rights.

Right to object to processing. You have the right to object at any time to the processing of your personal data that is based on the Controller’s legitimate interests. The Controller has the right to continue processing your personal data where the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms for the establishment, exercise or defence of legal claims.

Right to lodge a complaint. If you consider that the Controller has infringed on your rights or has not appropriately protected your personal data, please contact your Controller to expressly resolve the unclear matters. If the dispute cannot be resolved in co-operation with the Controller, you have the right to lodge a complaint with the Data State Inspectorate of the Republic of Latvia at https://www.dvi.gov.lv/lv.

Procedure for submitting requests

For the exercise of all of those rights, you may send a request to the contact of the Controller and the Data Protection Officer specified in the privacy policy document, indicating information in the request that makes it possible to identify you as the respective data subject.

 

Final provisions

The Controller can make changes to this privacy policy. The Controller will inform you about any changes by posting the relevant information on its website. If the changes in question directly affect the processing of your personal data, the Controller may send the relevant information to your e-mail address.

 

The latest date of the approval of the present policy: 21 June 2023.