Ministry of Internal Affairs
Print

Processing personal data in the Entry / Exit System

PROCESSING PERSONAL DATA IN

THE ENTRY / EXIT SYSTEM

Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing –  any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Processing genetic, biometric or health-related data, in order to perform an automated decision-making process or with a view to create profiles is allowed only based on explicit consent of the data subject or if the processing is based on explicit legal provisions, while adequate measures for protecting rights, liberties and legitimate interests of the data subject are established.

WHAT IS THE ENTRY / EXIT SYSTEM?

The Entry / Exit System (EES) is a new European information system aiming at enhancing the efficiency of border crossings and strenghtening the fight against irregular migration, by creating a register of all transborder movements of third country nationals on the territory of the member states operating EES .

Starting with 2023, EES shall register the date, hour and place of entry and exit for third country nationals (TCN) crossing the borders of the member states through any authorised border corssing point (including from Romania). Also, it shall calculate the duration of authorised stay of the TCN and shall generate alerts for the competent authorities, when the authorised stay of the TCN has expired.

The refusal of entry of TCN whose entry for a short stay has been refused shall also be registered by the system, regardless of the member state that took the decision.

Third country national (TCN) = any person which is not a citizen of the Union, except for persons enjoying the right of free movement equivalent to that of Union citizens

WHICH AUTHORITIES HAVE ACCESS TO THE ENTRY / EXIT SYSTEM?

Access to EES is limited for national competent authorities, as border authorities, immigration authorities and visa authorities.

Access to data from the system may be granted, under conditions expressly provided, to designated authorities, responsible for the prevention, detection or investigation of terrorist offences or other serious criminal offences.

EES offers to the authorities information about:

  • Identity data;
  • Biometric data (fingerprints and facial image);
  • Data concerning the travel document;
  • Data concerning the visa;
  • Data related to travels;
  • Data on the refusal of entry.

Carriers use a dedicated web service, to verify if TCN they are transporting have already used the number of authorized entries granted by their visa.

ATTENTION!

You may access the dedicated web service allowing you, based on information related to the travel document and the date of entry or the intended date of exit, to verify if you are within the authorized duration of stay or not and, if the case may be, what is the remaining duration of authorized stay.

WHICH AUTHORITIES HAVE ACCESS TO EES?

EES supports the activities of:

  • border authorities, of those responsible for immigration and visa issues;
  • authorities responsible for the prevention, detection or investigation of terrorist offences or other serious criminal offences.

WHAT DATA ARE AVAILABLE IN EES?

Personal data are processed in EES every time a third country national crosses the border.

The types of data that might be collected and processed in EES are those indicated in  Regulation EU 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011.

EES is an information system relying on the collection of alphanumeric data (such as surname, first name, date of birth etc.) and of biometric data (facial image and four fingerprints), as provided for in articles 15-20 of Regulation no. 2017/2226.

The following data may be collected  by EES:

For TCN subject to a visa requirement

  • surname (family name); first name or names (given names); date of birth; nationality or nationalities; sex;
  • the type and number of the travel document or documents and the three letter code of the issuing country of the travel document or documents;
  • the date of expiry of the validity of the travel document or documents;
  • the facial image taken live or extracted electronically from the chip of the electronic Machine Readable Travel Document;
  • the date and time of the entry/of the exit;
  • the border crossing point of the entry/of the exit and the authority that authorised the entry/the exit;
  • where applicable, the status of that third-country national indicating that he or she is a third-country national who:

(i) is a member of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and

(ii) does not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.

  • where applicable, the short-stay visa sticker number, including the three letter code of the issuing Member State, the type of short-stay visa, the end date of the maximum duration of the stay as authorised by the short-stay visa, which shall be updated at each entry, and the date of expiry of the validity of the short-stay visa;
  • on the first entry on the basis of a short-stay visa, the number of entries and the duration of stay authorised by the short-stay visa as indicated on the short-stay visa sticker;
  • where applicable, the information indicating that the short-stay visa has been issued with limited territorial validity pursuant to point (b) of Article 25(1) of Regulation (EC) No 810/2009;
  • for the Member States which do not yet apply the Schengen acquis in full but operate the EES, a notification, where applicable, indicating that the third-country national used a national short-stay visa for the entry.
  • if he/she has been identified as an overstayer,
  • if he/she benefits from the national facilitation programme of a Member State;
  • the refusal of entry, where applicable, and the reasons for such decision;
  • data where the authorisation for short stay or the visa is revoked, annulled or extended, as well as the reasons for that decision;
  • data in case of rebuttal of the presumption that a third-country national does not fulfil the conditions of duration of authorised stay.

For visa-exempt TCN

  • surname (family name); first name or names (given names); date of birth; nationality or nationalities; sex;
  • the type and number of the travel document or documents and the three letter code of the issuing country of the travel document or documents;
  • the date of expiry of the validity of the travel document or documents;
  • the facial image taken live or extracted electronically from the chip of the electronic Machine Readable Travel Document;
  • fingerprint data from the right hand, where present, and otherwise the corresponding fingerprint data from the left hand; fingerprint data shall have sufficient resolution and quality to be used in automated biometric matching;
  • if he/she benefits from the national facilitation programme of a Member State;
  • the date and time of the entry/of the exit;
  • the border crossing point of the entry/of the exit and the authority that authorised the entry/the exit;
  • where applicable, the status of that third-country national indicating that he or she is a third-country national who:

(i) is a member of the family of a Union citizen to whom Directive 2004/38/EC applies or of a national of a third country enjoying the right of free movement equivalent to that of Union citizens under an agreement between the Union and its Member States, on the one hand, and a third country, on the other; and

(ii) does not hold a residence card pursuant to Directive 2004/38/EC or a residence permit pursuant to Regulation (EC) No 1030/2002.

  • if he/she has been identified as an overstayer;
  • the refusal of entry, where applicable, and the reasons for such decision;
  • data where the authorisation for short stay is revoked, annulled or extended, as well as the reasons for that decision;
  • data in case of rebuttal of the presumption that a third-country national does not fulfil the conditions of duration of authorised stay.

WHAT ARE YOUR RIGHTS?

Processing data in EES is performed in line with the European and national data protection rules.

The rights of access, correction and erasure of personal data in the framework of data processing in EES is to be exercised according to:

  • Law on setting up the framework for rendering operational at national level of the Entry/Exit System and of the European Travel Information and Authorisation System;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • Law no. 190/2018 on measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), with latest amendments;
  • Law no. 363/2018 on the protection of natural persons against the processing of personal data by the competent authorities for the purpose of prevention, detection, investigation, prosecution and countering of criminal offences or the execution of criminal, education and safety penalties and their free movement.

EES guarantees your right:

  • to have access the data concerning you: you may see if your data are recorded or not in EES;
  • to ask for the correction of inaccurate data: you may ask for the correction of erroneous data in EES;
  • to ask for the erasure of data illegally stored in the system: you may ask for the erasure of data, if this is allowed by law.

Attention!

The requests to correct and/or erase data mandatorily have to include the personal data whose corretion and/or erasure is asked.

The requests have to be written, dated and signed by the person whose data have been processed and are considered valid only if you prove your identity (with a copy of an identity document).

WHAT IS THE PROCEDURE FOR EXERCISING YOUR RIGHTS?

The exercise of legal rights concerning the processing of personal data in EES is done according to art. 52 of Regulation no. 2017/2226.

The requests (https://www.politiadefrontiera.ro/en/main/pg-protection-of-personal-data-44.html ) for personal data processing of data subjects may be transmitted to the General Inspectorate of Border Police by any means (mail, including electronic, fax, by personal appearance).

You will receive an answer within 30 or 60* days at most from submitting the request, taking into account the complexity and the number of requests.

* The deadline  is different depending on the legislation applicable to the content of the request, respectively if EU Regulation no. 679/2016 or Law no. 363/2018 is relevant.

Information provided to such requests is free of charge, except for manifestly unfounded and excessive requests.

Following a request for access, correction or erasure, you will be informed about the measures that have been approved for you to exercise them.

More information about your rights in EES context is available at https://www.politiadefrontiera.ro/en/main/pg-protection-of-personal-data-44.html.

In Romania, the National Data Protection Supervisory Authority (https://www.dataprotection.ro/index.jsp?page=home&lang=en) watches over the way the national law enforcement authorities are processing personal data and ensures, in the same time, that the rights of data subjects are observed.

You have the possibility to file a complaint to the data protection supervisory authority or to address a court of law, according to Law no. 554/2004 on the administrative law, if you are not satisfied with the answer received to your access, correction or erasure request, or for obtaining compensations for an alert concerning you.

Skip to content