Applications of persons regarding processing of their personal data in SIS and VIS - Prawo osób do informacji - Policja.pl

Prawo osób do informacji

Rozmiar czcionki

czcionka normalna
czcionka średnia
czcionka duża

Applications of persons regarding processing of their personal data in SIS and VIS

 

 

CTA NITS  

The Commandant General of the Police, as the Central Technical Authority of the National IT System (NITS), shall be   the controller of personal data processed through the National Information System (KSI), in accordance with Article 10 of the Act of 24 August

2007 on the participation of the Republic of Poland in the Schengen Information System and the Visa Information System (Journal of Laws 2023, item 1355, as amended), hereinafter referred to as the "SIS and VIS Act", i.e. SIS data processed in the Schengen Information System (SIS) in respect of alerts issued by the authorities, referred to in Article 3 of the SIS and VIS Act and VIS data processed in the Visa Information System (VIS) for alerts issued by the authorities referred to in Article 5 of the SIS and VIS Act and shall examine requests by persons for the processing of their personal data in the Schengen Information System (SIS) and the Visa Information System (VIS)

 

I. Data administrator

 

Central Technical Authority of the National IT System – The Commander in Chief of the Police

ul. Puławska 148/150

02-624 Warsaw

tel office: 47 72 148 79, 47 72 131 45

fax office: 47 72 129 21

e-mail: cot.admin.ksi@policja.gov.pl

ePUAP: /PolicjaKGP/skrytka (ePUAP)

e-Doręczenia: AE:PL-32148-68645-HUSFF-09

 

II. Data Protection Officer

 

 

ul. Puławska 148/150

02-624 Warsaw

tel 47 72 127 34,

fax 47 72 128 73

e-mail:iod.kgp@policja.gov.pl

ePUAP: /PolicjaKGP/skrytka (ePUAP)

e-Doręczenia: AE:PL-32148-68645-HUSFF-09

 

III. Purpose and legal basis for the processing of personal data in SIS and VIS

 

  1) Schengen Information System

 

The overall objectives specify:

  • Act of 24 August 2007 on the participation of the Republic of Poland in the Schengen Information System and the Visa Information System;
  • Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 07.12.2018, p. 56, as amended), hereinafter referred to as Regulation 2018/1862;
  • Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, amending the Convention implementing the Schengen Agreement and amending and repealing Regulation (EC) No 1987/2006 (OJ L 312, 07.12.2018, p. 14, as amended), hereinafter referred to as Regulation 2018/1861;
  • Regulation (EU) 2018/1860 of the European Parliament and of the Council of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying third-country nationals (OJ L 312, 07.12.2018, p. 1), hereinafter referred to as Regulation 2018/1860.

 

In general, the purpose of the SIS is to ensure, using the information communicated through this system, a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States, as well as to ensure the application of the provisions:

  • Chapter 2 of Title V of Part Three TFEU in relation to the movement of persons within the territory of the Member States (Article 1 of Regulation 2018/1861);
  • Title 4 and Chapter 5 of Title V of Part Three TFEU in relation to the movement of persons within the territory of the Member States (Article 1 of Regulation 2018/1862);
  • SIS and VIS Act.

 

Personal data contained in SIS alerts may be processed for purposes other than those in which those entries were made if it is related to a specific case and justified by the need to prevent an immediate serious public order or public security threat or where it is justified by serious reasons of national security or the need to prevent serious crimes (Article 19 of Regulation 2018/1860, Article 41 par. 5 of Regulation 2018/1861 and Article 56 par. 5 of Regulation 2018/1862).

 

2) Visa Information System

 

The overall objectives state:

  • Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60-81, as amended) - VIS Regulation
  • Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS) (OJ L 213, 15.6.2004, p. 5-7)
  • Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences (OJ L 218/129 of 2008) - VIS Decision
  • Act of 24 August 2007 on the participation of the Republic of Poland in the Schengen Information System and the Visa Information System (Journal of Laws of 2023, item 1355, as amended).

 

The general purpose of the VIS is indicated in Article 2 of the VIS Regulation, which is to improve the implementation of the common visa policy, to improve consular cooperation and the consultation process between central visa authorities by facilitating the exchange of data between Member States on applications and on the decisions relating thereto, with a view to, inter alia:

  1. simplifying the visa application procedure;
  2. to prevent circumvention of the criteria for determining which Member State is responsible for processing the application;
  3. facilitating the fight against abuse;
  4. facilitating checks at the external border crossing points of the Member States and on the territory of the Member States;
  5. to assist in identifying persons who may not fulfil, or who no longer fulfil, the conditions for entry, stay or residence on the territory of the Member States;
  6. to facilitate the application of Regulation (EC) No 343/2003;
  7. contribute to the prevention of threats to the internal security of each Member State.

 

VIS data is processed for the following specific purposes, i.e.:

  1. examination of and decisions on visa applications submitted, as well as decisions to annul, extend, revoke visas - Article 15 of the VIS Regulation ;
  2. the consultation between central visa authorities on visa applications in accordance with Article 22 of Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) (OJ L 243, 15.09.2009, p. 1) - Article 16 of the VIS Regulation;
  3. production of reports and statistics - Article 17 of the VIS Regulation;
  4. verifying at border crossing points the identity of the visa holder, the authenticity of the visa or the fulfilment of the conditions for entry into the territory of the Member States in accordance with Article 6 of Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 77/1, 23.03.2016) - Article 18 of the VIS Regulation;
  5. verifying on the territory of the Republic of Poland the identity of the visa holder, the authenticity of the visa or the fulfilment of the conditions of entry into or stay on the territory of the Member States - Article 19 of the VIS Regulation;
  6. to identify a person who does not fulfil or who no longer fulfils the conditions for entry to or stay in the territory of the Member States - Article 20 of the VIS Regulation;
  7. determining the Member State responsible for examining an application for international protection in accordance with
    Articles 12 and 34 of Regulation (EU) No 604/2013 of the European Parliament and of the Council of 26 June 2013 on the establishment of criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (recast) (OJ EU L 180, 29.06.2013) - Article 21 of the VIS Regulation;
  8. examination of an application for international protection - Article 22 of the VIS Regulation;
  9. implementation of the obligation referred to in Article 25(2) of the VIS Regulation.

In addition, VIS data may be processed for the prevention, detection or prosecution of offences listed in Article 607w of the Act of 6 June 1997. - Code of Criminal Procedure (Journal of Laws of 2025, item 46 as amended), when this is necessary in connection with a specific case and when there are reasonable grounds to believe that consultation of VIS data is essential for the prevention, detection or prosecution of the offences referred to above, in accordance with the VIS Decision.

 

IV. Profiling in the case of VIS data processing

 

Decisions taken by the competent authorities with a view to examining the application for a visa, checking any unauthorised visa or fulfilling the conditions for entry or stay into the territory of the Republic of Poland or a Member State may be based solely on automated processing of personal data (Article 11 paragraph 2 Act SIS and VIS).

 

 

V. Limitations on access to personal data processed in SIS and VIS

 

  1.  Art. 11 Act SIS and VIS

 

The data may be used without the knowledge and consent of the persons whom this data concerns and there is no obligation to disclose the goal for which the data is being collected.

  1. Art. 26 of the Act of 14 December 2018 on the protection of personal data processed in connection with the prevention and combating of crime  (Journal of Laws, item 125 as amanded) - Act d.p.c.c.

 

The information referred to in the provisions of this Chapter shall not be communicated and personal data shall be made available where:

  1. disclosure of information obtained from operational and exploratory activities;
  2. obstructing or preventing the recognition, prevention, detection or suppression of criminal offences;
  3. impede the conduct of criminal, executive, fiscal or fiscal criminal proceedings;
  4. threats to life, human health or safety and public order;
  5. the threat to national security, including the defence or security, and the economic fundamentals of the State;
  6. a material breach of other persons’ personal rights.

 

The controller may communicate the information referred to in paragraph to the data subject  where disclosure would be necessary for the protection of human life or health.

 

  1. Art. 3 - 5 of the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2019 item 1781) - UODO in connection with art. 23 par. 1 lit. a, c, d and lit. and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 381, 28.12.2006, p. 4–23, as amended) - RODO and taking into account art. 11 Act SIS and VIS.

 

The above rights to request from the administrator access to their personal data, rectification, deletion, restricting their processing or objecting to their processing resulting from the RODO shall be subject to restrictions on access to the requested information and personal data and subject to limitations related to data processing personal data resulting from the above regulations.

 

  1. Art. 67 par. 3 of the Regulation 1862 and art. 53 par. 3 of the Regulation 1861

 

A Member State shall take a decision not to provide information to the data subject, in whole or in part, in accordance with national law, to the extent that, and for as long as such a partial or complete restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and legitimate interests of the data subject concerned, in order to:

  1. avoid obstructing official or legal inquiries, investigations or procedures;
  2. avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
  3. protect public security;
  4. protect national security;
  5. protect the rights and freedoms of others.

In cases referred to in the first subparagraph, the Member State shall, without undue delay, inform in writing the data subject of the refusal or restriction of access and of the reasons for such refusal or restriction. Such information may be omitted if the provision of such information would undermine any of the purposes referred to i.e. Article 67(3), first subparagraph, points (a) to (e) of Regulation 2018/1862 and points (a) to (e) of the first subparagraph of Article 53(3) of Regulation 2018/1861. The Member State shall inform the data subject of the possibility of lodging a complaint to the supervisory authority or of seeking a judicial remedy.

5.    Article 14(4) of the VIS Decision:

 

The provision of information to the data subject shall be refused if such refusal is necessary to carry out a legitimate action in relation to the data or to protect the rights and freedoms of third parties;

 

 

VI. FORMAL CONDITIONS FOR PROPOSALS ON THE IMPLEMENTATION OF THE RIGHTS CONNECTED WITH THE PROCESSING OF PERSONAL DATA IN SIS AND VIS

THE RIGHT OF PEOPLE FOR INFORMATION – general information

  1. Every person has the right to:

 

a) access to own personal data;

b) rectification of incorrect personal data/correction of inaccurate personal data;                       

c) erasure of personal data unlawfully processed;

d) lodging a complaint to the President of the Personal Data Protection Office

e) a claim for payment, compensation or reparation against the person(s) who entered the alert and who is responsible for it in the event of a breach of a person's right in connection with the processing of his/her data in SIS and/or VIS data alerts.

 

The identity of a person misused by a wanted person who is the subject of an alert in the SIS, where the data of a misused person's identity with his or her consent are processed in the SIS in addition to the SIS data alert as data of a person whose identity is used by a person wanted on the basis of an alert in the SIS and are processed in order to:

a)         enable the competent authority to distinguish between the person whose identity has been misused and the person to whom the alert is to be issued, including to avoid any risk of confusion between the person to whom the alert is or is to be issued and the person to whom the identity has been misused, including in order to minimize the risk of misused detention and long-term controls at home and abroad, and

b)         to enable the person whose identity has been misused to prove his or her identity and to show that his or her identity has been misused the right to withdraw at any time its consent to supplement SIS data with additional information concerning its personal data, including photographs and fingerprints, and to the processing of the personal data added in SIS for the purposes specified.

 

2. A person submitting a request to COT KSI for the exercise of his rights referred to above, may act in person or be represented by a representative, unless the nature of the act requires his personal action.

Representative of the person making the application may be a natural person who has the capacity to perform legal acts.

The power of attorney should be granted in writing and include a statement of the intention of the principal to act on his behalf in the case covered by the application. The original of the power of attorney or an officially certified copy of the power of attorney should be forwarded together with the application to COT KSI.

The power of attorney granted in writing (on paper document) by means of traditional letter correspondence (by means of postal operator services) should include the signature of the principal in manuscript. The application shall be accompanied by the original or an officially certified copy of the power of attorney, the conformity of which with the original of which has been certified by a notary or by the applicant party, who is a lawyer, patent attorney or tax advisor.

A power of attorney granted and transmitted in electronic form as an electronic document for an electronic box shall be provided by ePUAP KGP or for an e-mail address of the Main Police Headquarters (e-Service) should be provided with a qualified electronic signature, a trusted signature or a personal signature of the principal. The application sent in electronic form must be accompanied by a power of attorney in the form of an electronic document bearing one of the abovementioned electronic signatures of the principal, or by an electronically authenticated copy of the power of attorney attested to be true to the original using a qualified electronic signature, a trusted signature or a personal signature by a notary or by the applicant party, being a lawyer, a patent attorney or a tax advisor.

The original is not a scan or a copy of the power of attorney granted in writing and sent by means of traditional letter correspondence (by means of postal operator services) or by means of electronic communication, without in this case the power of attorney document being accompanied by a personal signature of the principal (on the original of the document) or an electronic signature equivalent in legal terms with a personal signature, i.e. without its being accompanied by a qualified electronic signature, a trusted signature or the personal signature of the principal.

SCHENGEN INFORMATION SYSTEM (SIS)

  1.  Access to your personal data processed in SIS

                  

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name(s) and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number) - in the case of an application sent by post;
  5. the subject of the application;
  6. signature of the applicant (in the case of a written application (paper-based document) - containing a handwritten signature, and in the case of an electronic application (electronic document) containing an electronic signature equivalent to a handwritten signature, i.e. - qualified electronic signature, trusted signature or personal signature).

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. place of residence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartament numer);
  5. attach a photo copy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person's identity (Article 28 Actd.p.c.c. and Article 12 paragraph 6 GDPR).

  1. Request for rectification of inaccurate personal data processed in SIS, erasure of personal data unlawfully processed in SIS and withdraw consent to the addition personal data to SIS (giving the consent to facilitate solving problems related with misuse of identity)

 

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartament number) - in the case of an application sent by post;
  5. the subject of the request with justification:
  • in the case of rectification of inaccurate personal data processed in SIS, please specify what data should be corrected or which are untrue and provide correct data and provide justification confirming the legitimacy of the request;
  • in the case of erasure of personal data unlawfully processed in SIS, please specify what data should be erasure and indicate the justification confirming the legitimacy of erasure of this data;
  • in the event that the victim has withdrawn his or her identity from the SIS consent to the processing of his or her personal data as a misused person in addition to the SIS data alert as a person whose identity is used by a person wanted on the basis of an SIS data alert, please indicate clearly in the request that the consent to the processing of the aforementioned SIS data has been withdrawn;
  1. signature of the applicant (in the case of a written application (paper-based document) - containing a handwritten signature, and in the case of an electronic application (electronic document) containing an electronic signature equivalent to a handwritten signature, i.e. - qualified electronic signature, trusted signature or personal signature).

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. place of residence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number);
  5. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person's identity (Article 28 Actd.p.c.c. and Article 12 paragraph 6 GDPR).

  1. The application to CTA NITS can be directed to:

a) in paper form (the application must bear the personal signature of the person lodging the application or of a representative acting on his behalf, together with a document of power of attorney meeting the requirements referred to in point VI above) by post to:

KSI Central Technical Authority

Police Headquarters

Puławska 148/150

02-624 Warsaw

Poland

b) in electronic form (the application must contain an electronic signature equivalent in legal terms to a handwritten signature, i.e. a qualified electronic signature, a trusted signature or a personal signature of the person making the application or acting on its behalf, together with a proxy document fulfilling the requirements referred to in point (VI) above) by the following means of electronic communication:

- via ePUAP, available at: http://bip.kgp.policja.gov.pl/kgp/elektroniczna-skrzynka/11424,Elektroniczna-skrzynka-podawcza.html (until 31 December 2025 only)

- public service of registered electronic service (e-Service) to: AE:PL-32148-68645-HUSFF-09

- by email to: cot.admin.ksi@policja.gov.pl

  1. Application template:

You can use the form below to submit an application.

REQUEST FORM FOR THE PROCESSING OF PERSONAL DATA IN SIS

VISA INFORMATION SYSTEM (VIS)

  1.  Access to your personal data processed in VIS

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name(s) and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartament number) - in the case of an application sent by post;
  5. the subject of the application;
  6. signature of the applicant (in the case of a written application (paper-based document) - containing a handwritten signature, and in the case of an electronic application (electronic document) containing an electronic signature equivalent to a handwritten signature, i.e. - qualified electronic signature, trusted signature or personal signature).

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person'sidentity (Article 28 Actd.p.c.c. and Article 12 paragraph 6 GDPR).

  1. Request for correction of inaccurate data processed in VIS and deletion of personal data unlawfully processed in VIS

For this purpose, a written application should be submitted in Polish, which should obligatorily include:

  1. name(s) and surname of the applicant;
  2. citizenship;
  3. date and place of birth (city and country);
  4. address for return correspondence (country, city, postal code, poviat/area, voivodeship/district, street and house/apartment number) - in the case of an application sent by post;
  5. the subject of the request with justification:
  • in the case of correction of inaccurate data processed in VIS, please specify what data should be corrected or which are untrue and provide correct data and provide justification confirming the legitimacy of the request;
  • in the case of deletion of personal data unlawfully processed in VIS, please specify what data should be deleted and indicate the justification confirming the legitimacy of deletion of this data;

f) signature of the applicant (in the case of a written application (paper-based document) - containing a handwritten signature, and in the case of an electronic application (electronic document) containing an electronic signature equivalent to a handwritten signature, i.e. - qualified electronic signature, trusted signature or personal signature).

Additionally, in order to unambiguously identify the data, the applicant may provide in the application:

  1. previous/family name;
  2. PESEL number (if the person has it);
  3. sex;
  4. attach a photocopy of the page of the identity document containing personal data.

In case of doubts as to the identity of the person who submitted the application, the administrator may request additional information necessary to confirm the person'sidentity (Article 28 Actd.p.c.c. and Article 12 paragraph 6 GDPR).

  1. The application to CTA NITS can be directed to:

 

a) in paper form (the application must bear the personal signature of the person lodging the application or of a representative acting on his behalf, together with a document of power of attorney meeting the requirements referred to in point VI above) by post to:

KSI Central Technical Authority

Police Headquarters

Puławska 148/150

02-624 Warsaw

Poland

b) in electronic form (the application must contain an electronic signature equivalent in legal terms to a handwritten signature, i.e. a qualified electronic signature, a trusted signature or a personal signature of the person making the application or acting on its behalf, together with a proxy document fulfilling the requirements referred to in point (VI) above) by the following means of electronic communication:

- via ePUAP, available at: http://bip.kgp.policja.gov.pl/kgp/elektroniczna-skrzynka/11424,Elektroniczna-skrzynka-podawcza.html (until 31 December 2025 only)

- public service of registered electronic service (e-Service) to: AE:PL-32148-68645-HUSFF-09

- by email to: cot.admin.ksi@policja.gov.pl

  1. Application template:

You can use the form below to submit an application.

REQUEST FORM FOR THE PROCESSING OF PERSONAL DATA IN VIS

CONTACT

IN THE CASE OF ADDITIONAL QUESTIONS CONCERNING THE RULES FOR SUBMISSION OF APPLICATIONS

phone :

+ 48 47 72 138 04

+ 48 47 72 153 03
+ 48 47 72 137 67

+ 48 47 72 139 97

+ 48 47 72 153 36

e-mail :         

cot.admin.ksi@policja.gov.pl

RIGHT TO COMPLAIN AND TO CLAIM PAYMENT, COMPENSATION OR COMPENSATION

 

Any person whose data is processed in SIS or VIS has the right to:

 

1. lodge a complaint with the President of the Office for the Protection of Personal Data if it is established that the processing of personal data in SIS or VIS is carried out in breach of the provisions of the law on the protection of personal data relating to the processing of personal data in SIS or VIS, including in breach of the provisions of Regulation 2018/1862, Regulation 2018/1861, Regulation 2018/1860 or Regulation VIS and Decision VIS.

 

The complaint may be made:

(a)   in traditional written form, to the address: President of the Office for Personal Data Protection, ul.Moniuszki 1 A, 00-014 Warszawa, Poland

(b)   in electronic form: by e-mail, they can be found at: https://www.uodo.gov.pl

For more information: www.uodo.gov.pl

 

2. a claim for payment, compensation or reparation if the claim involves a breach of his rights in connection with the entry of his data in the SIS or VIS or damage caused by a breach of those rights, against the authority which entered the alert in the SIS or VIS and who is responsible for it.

 

Such a claim may be made:

(a)   in the case of an action for a claim against authorities which are organizational units of the State Treasury, which are established in the Republic of Poland, to a district court within the territory of the Republic of Poland, which is competent according to the registered office of that authority, i.e. competent according to the registered office of the state unit with which the claim relates (Article 17, paragraph 45 and Article 29 of the Act of 17 November 1964 Code of Civil Procedure)

(b)  in the event of an action for a claim against a authority established in another EU Member State, to a court competent under the national law of that State where the authority issuing the alert in the SIS or VIS and which the claim relates, is established.

 

 

 

Legal basis:

REQUEST FORMS

Powrót na górę strony