MFA Data Protection

Personal data protection

INFORMATION REGARDING THE PROTECTION OF PERSONAL DATA

In line with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) , of Law no. 506/2004 regarding the processing of personal data and the protection of private life in the sector of electronic communications, as well as of Law 271/2010 for the establishment, organization and functioning of the National Visa Information System and the alignment of Romania to the Visa Information System, as personal data controller, the Ministry of Foreign Affairs of Romania (hereinafter referred to as the MFA), located in Aleea Alexandru 31, Sector 1, Bucharest, Romania, processes and manages the personal data you provide according to law, in relation to your person, a member of your family or another person, securely, lawfully and exclusively for the specified, well-determined purposes established through the legal framework in force. The Ministry of Foreign Affairs of Romania has appointed a Data Protection Officer – dpo@mae.ro

The purpose of the data collection is the facilitation of the receipt and processing of Romanian entry visa applications.

The present notification is in reference to the processing of personal data by the controller, for the specific purpose of the processing and examination of Romanian visa applications, as well as for the issuance of visas by Romania. The data subjects who have their data collected for the specified purpose, who choose to apply for an entry visa to Romania, online, through the eVisa national portal for the facilitation of the visa application process (eVisa portal) , are obliged to furnish the data requested through the visa application form*. The refusal to provide the data required through any of the visa application forms triggers the inadmissibility of the visa application that shall not be thereby collected by the Diplomatic Missions/Consular Posts of Romania.

The registered information is destined exclusively for the use of the data controller and are communicated, by the data subject(s), only to the Diplomatic Missions/Consular Posts of Romania, in order to be collected from the eVisa external portal.

As per the provisions of the GDPR, data subjects benefit from the following rights in relation to the processing of their personal data:

• the right to be informed;
• the right of access to data;
• the right to rectification of data;
• the right to object;
• the right to erasure of data;
• the right to restriction of processing;
• the right to data portability of and the right to not be subject to automated individual decision-making;
• the right to file a complaint to the data controller, to the supervisory authority and to a court of law.

In accordance with the provisions of the GDPR, you benefit from the possibility of exercising your right to be informed; the right of access to data; the right to rectification of data; the right to the erasure of data**; the right to object to the processing of your data**; the right to the restriction of the processing; the right to not be subject to an automated individual decision-making**; the right to withdraw your consent as regards the processing, without affecting the legality of the processing during the period of existence of said consent of the data subject; the right to file a complaint with the data controller and to the national supervisory authority ( http://www.dataprotection.ro/ ); the right to address to a court of law. In order to exercise these rights you may address the Data Protection Officer of the MFA, with a written, dated and signed request. Your data communicated via the eVisa portal shall not be transferred abroad. In addition, in order to exercise the rights mentioned above, please note that you can access the official webpage of the Romanian MFA – www.mae.ro , where forms for the exercising of these rights can be downloaded from.

If any of your data is incorrect, please inform us as soon as possible.

NOTE:

* By signing the visa application forms that must be consulted and signed upon your personal appearance in front of the competent staff of the MFA, you have the opportunity to give your specific consent with regard to the processing of your personal data and you can consult, in detail, the terms and conditions in relation to such processing. The fields from the visa application forms marked with (*) shall not be filled-in by third-state nationals who are family members of citizens of the European Union, European Economic Area or Swiss Confederation (spouse, child or dependent ascendant).

** Should you not agree to the processing of personal data regarding your person and you oppose this processing, you must take into account that your visa application becomes inadmissible and your data can no longer be processed in view of applying for a Romanian entry visa. At the same time, should you request the erasure of your personal data, while holding a valid visa obtained as per that data, your visa shall be revoked. Should your visa application not have yet been decided upon, a decision regarding that application shall no longer be taken and you must take into account that the visa processing fee is non-refundable. In line with the provisions of Art.20 of the GDPR, a data subject benefits from the right to the portability of data and in accordance with Art.22 of the same legal instrument, the data subject benefits from the right of not being subject to a process of automated individual decision-making. In relation to the activity related to the issuance of visas, the data collected for the examination and issuance of visas by the data controller as the central competent authority, is not transmitted to another data controller, given that the work practices inherent to this domain are specifically and clearly established by the European and national legislation in force and the use of transmitted data is, hence, not possible. Also, the examination and issuance of a visa is at no time based on automated individual decision-making processes. Therefore, in relation to the visa activity, the exercising of these two rights has no object.

IMPORTANT INFORMATION:

Personal data of data subjects is processed in line with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

Personal data sent via the eVisa electronic portal by third state nationals who require a visa in order to travel to Romania, is provided to the Ministry of Foreign Affairs of Romania and processed by this institution, for the well-established purpose of processing, examining and issuing visas.

SUPPLYING PERSONAL DATA VIA THE eVISA PORTAL, SHOULD YOU CHOOSE TO SUBMIT AN ONLINE VISA APPLICATION:

The categories of data subjects the personal data of which is to be processed for the purpose of processing and issuing Romanian entry visas: third state nationals that fall under the incidence of laws that regulate the status of aliens in Romania, by lodging visa applications, regardless of the purpose of their trip(s).

When using the external eVisa portal, upon launching the process of applying for a visa online, it is necessary that you read and agree to the terms and conditions regarding the provision of your personal data for the purpose of processing and issuing Romanian entry visas.

The personal data provided via the eVisa external portal is used solely for the purpose of processing, examining and issuing Romanian entry visas. This data will be sent to the Romanian MFA and later examined, solely after the data subject has given their consent in this respect, by agreeing to the terms and conditions regarding this aspect.

The Romanian MFA solely processes the categories of personal data necessary for examining a visa application, as established at European level, for the purpose of issuing a Romanian entry visa. The MFA does neither require, nor processes personal data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs or of a similar nature, trade-union membership, as well as personal data regarding health or sex life, outside of the scopes established through the legal framework that establishes visa policy.

DETAILS OF INTEREST:

• All personal data requested through the visa application form(s) integrated into the eVisa external portal is made available to the diplomatic missions and consular posts of Romania where the visa applicant chooses to present oneself.
• Data from the eVisa external portal is stored on a central secure server that belongs to the Ministry of Foreign Affairs of Romania. When a visa application file is sent to a diplomatic mission/consular post of Romania, that file shall in fact be transferred into the internal eVisa portal, being stored on a secured central server in the intranet of the Romanian MFA. At this time, personal data from the external portal will be fully transferred to the secure network of the MFA, and will no longer be available online.
• When a visa applicant does not wrap up an online visa application file, the partial personal data filled-in on the external portal up to a certain point, is stored on the central server of the MFA that corresponds to the eVisa external portal, for a time period limited to up to 30 days. Upon expiry of this time period, the incomplete file, as well as any and all related filled-in data shall be automatically deleted and no longer be available online.
• Personal data supplied via online visa application files in the eVisa portal, will solely be made available to the competent Romanian authorities and will be processed by these authorities solely for the purpose of deciding upon visa applications sent via this portal. This data may also be input and stored into databases accessible solely to the national Romanian authorities that exercise competencies in the field of visas, as per national and European legislation in force.
• The identity of the personal data controller: the Ministry of Foreign Affairs of Romania.
• The purpose for which the furnished personal data is processed by the controller: solely the processing/examination of visa applications lodged by third-state nationals who require a visa in order to travel to Romania and in view of issuing an entry visa for Romania.
• The recipients of personal data submitted for the purpose of applying for Romanian entry visas: solely the competent national authorities established under Art.30 of Emergency Government Ordinance no. 194/2002 regarding the regime of aliens in Romania, republished, modified and completed [AS1].
• Visa applicants who do not wish to provide the personal data necessary for filling-in the standard visa application form(s), must note that failure to supply all necessary data may lead to their visa application becoming inadmissible, or, depending on the case, to the refusal of the visa applied for, the revocation of an already issued visa etc.