Data protection

Frontex, as an EU agency, collects and further processes personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, L295, 21.11.2018, p. 39-98.

Frontex has appointed a Data Protection Officer – member of the staff who is entrusted with the main task of ensuring, in an independent manner, the internal application of the Data Protection Regulation.

As a general principle, the agency only processes personal data for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Union, the funding Regulation or in the legitimate exercise of official authority vested in the agency or in a third party to whom the data are disclosed.

All processing operations of personal data are duly reported to the Frontex Data Protection Officer and, if the situation requires, to the European Data Protection Supervisor (Register).  

Frontex guarantees that the information collected is processed and/or accessed only by the members of its staff responsible of the corresponding processing operations. In a very rare cases and under a strict supervision and limitations, personal data are made available to external parties (contractors). In line with the Article 45(2) of the funding Regulation, Specific Implementing Measures are also in place.

Data subjects (individuals whose data are being processed) have the right to access and rectify their data in a written request to be addressed to the agency. In case consent of the data subject is a legal basis for processing of personal data, this consent may be withdrawn at any time.

Data subjects may at any time consult Frontex Data Protection Officer (dataprotectionoffice@frontex.europa.eu) or a Data Controller responsible for a particular data processing operation. Data subjects have a recourse to the European Data Protection Supervisor.

Frontex is authorised under very strict conditions foreseen in Article 48 of the funding Regulation to process personal data of certain groups of returnees. Further information can be found here. Additionally, Frontex is entitled by Article 47(1)(a) of the funding Regulation to process personal data related to individuals suspected of involvement in facilitation of illegal migration, human trafficking or other cross-border crimes, like terrorism, but only in the situations strictly foreseen in that provision (privacy statement).


Privacy notice related to the supervisory mechanism on the use of force by standing corps officers and deployed members of the teams

Your personal data (name, surname, date of birth, place of birth, document details, information about physical injury, information about other damages) is collected and processed by Frontex for the purpose of supervising of the use of force by the Frontex standing corps officers, and officers deployed by Frontex. Your personal data is processed in accordance with Regulation (EU) 2018/1725 on the processing of personal data by the EU institutions.

The controller of your data is the Head of Inspection and Control Office. You can contact the controller by email: HoO.ICO@frontex.europa.eu.

The legal basis of processing your personal data is Article 87 (1) (h) of the Regulation (EU) 2019/1896 and Frontex Management Board Decision no. 7/2021 establishing a supervisory mechanism to monitor the application of the provisions on the use of force. The supervisory mechanism enables the Agency to conduct preliminary assessments, administrative inquiries, pre-disciplinary proceedings, and disciplinary proceeding as regards its statutory staff members. Some of your data may be transmitted to the Member States authorities to ensure appropriate action in case of use of force by the Member State officers.

Your data will be kept by Frontex for 5 years from the incident. After 5 years, the data will be automatically deleted. 

You can exercise your rights, including the right to request access to your data, request for rectification of your data by contacting the controller or Frontex’ Data Protection Officer (dataprotection@frontex.europa.eu). You may lodge a complaint to the European Data Protection Supervisor.

There is no profiling or decision making done based on your data and your data is not shared with third countries or international organisations.


Data protection notice for Frontex Forced-Return Monitoring System (FRMS)

Your personal data (such as gender, age, nationality, seat number, incident details, applied coercive measures, etc) may be processed by the Frontex Fundamental Rights Officer, as Controller, for the purpose of monitoring forced-return operations carried out by the forced-return monitor on the basis of objective and transparent criteria and covering the whole return operation from the pre-departure phase until the handover of the returnees in the third country of return). You may contact the Controller at: fro.coordination@frontex.europa.eu

The legal basis for processing your personal data is Article 50, 51 and 81 of Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard.

Your data will be kept for the duration of five years. You can exercise your rights, including the right to access, right to rectification, right to erasure, right to object the processing. If you would like to exercise any of these rights, or receive further information about processing of your personal data, please contact the controller at fro.coordination@frontex.europa.eu, or the Data Protection Officer of Frontex at dataprotectionoffice@frontex.europa.eu.

You have the right to lodge a complaint with the European Data Protection Supervisor if you consider that your data protection rights have been infringed.

Your data will not be transferred to third countries or international organisations.

The recipient of your data will be the Frontex Fundamental Rights Officer.

Your personal data will not be used for an automated decision-making including profiling.


Privacy statement for Access to Schengen Information System (A2SIS)

Your personal data may be processed by Frontex for the purpose of carrying out border checks, border surveillance and return operations on behalf of the EU Member States . Frontex has the right to access and search data in SIS with the use of A2SIS system and has to keep logs to ensure that the search in SIS was lawful, for monitoring the lawfulness of data processing, for self-monitoring and ensuring proper data security and security.

The controller as regards the data logged of the activities mentioned above done upon your personal data is the European Border and Coast Guard Agency (Frontex), on behalf of which the Deputy Executive Director for Operations acts, who can be contacted here: ded.ops@frontex.europa.eu

You can also contact the Data Protection Officer for questions related to the processing of your personal data here: dataprotectionoffice@frontex.europa.eu

The legal basis for processing this personal data is given by Article 36 of Regulation (EU) 2018/1861 and Article 17(3) of Regulation (EU) 2018/1860, in accordance with Article 82(10) of Regulation (EU) 2019/1896 of 13 November 2019 on the European Border and Coast Guard (see also Article 5(1)(a) of Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (EUI DPR)).

Some of your data would be seen by dedicated Frontex staff only and the members of the European Border and Coast Guard teams. If the data appears in the logs, it will be stored for a period of 3 years from the date when related entry in the log has been created.

You have the right to request access to and rectification or erasure of your personal data through the SIS National Competent authorities. Where applicable, you have the right to restrict the processing of your personal data, and to object to the processing. These guidelines will help you how to do so: The Schengen Information System - a guide for exercising data subjects’ rights: the right of access, rectification and erasure | European Data Protection Board (europa.eu). You have also the right to lodge a complaint with the European Data Protection Supervisor (Complaint form | European Data Protection Supervisor (europa.eu)) if you consider that your data protection rights have been infringed.

The data categories that Frontex may store in the logs related to possible matches with SIS are: the data used to perform a search, and a reference to the data processed in SIS. There is no automated decision-making nor profiling, nor will your data be transferred to any third country or international organisation.

The statutory requirement of providing personal data is Article 8(2) of the Regulation (EU) 2016/399 (Schengen Border Code) with regards to border checks, Article 13 with regards to border surveillance and Regulation (EU) 2018/1860 with regards to return of illegally staying third-country nationals. 


Privacy statement for Access to Schengen Information System (A2SIS) for general public

Your personal data may be processed by Frontex for the purpose of carrying out border checks, border surveillance and return operations on behalf of the EU Member States. Frontex has the right to access and search data in SIS with the use of A2SIS system as processor on behalf of the Member State as controller, and Frontex has to keep logs to ensure that the search in SIS was lawful, for monitoring the lawfulness of data processing, for self-monitoring and ensuring proper data security and security.

The controller as regards the data logged of the activities mentioned above done upon your personal data is the European Border and Coast Guard Agency (Frontex), on behalf of which the Deputy Executive Director for Operations acts, who can be contacted here: ded.ops@frontex.europa.eu

You can also contact the Data Protection Officer for questions related to the processing of your personal data here: dataprotectionoffice@frontex.europa.eu

The legal basis for processing this personal data is given by Article 36 of Regulation (EU) 2018/1861 and Article 17(3) of Regulation (EU) 2018/1860, in accordance with Article 82(10) of Regulation (EU) 2019/1896 of 13 November 2019 on the European Border and Coast Guard (see also Article 5(1)(a) of Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (EUI DPR)).

Some of your data would be seen by dedicated Frontex staff only and the members of the European Border and Coast Guard teams.

If the data appears in the logs, it will be stored for a period of 3 years from the date when related entry in the log has been created.

You have the right to request access to and rectification or erasure of your personal data through the SIS National Competent authorities. Where applicable, you have the right to restrict the processing of your personal data, and to object to the processing. These guidelines will help you how to do so: The Schengen Information System - a guide for exercising data subjects’ rights: the right of access, rectification and erasure | European Data Protection Board (europa.eu)

You have also the right to lodge a complaint with the European Data Protection Supervisor (https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en) if you consider that your data protection rights have been infringed.

The data categories that Frontex may store in the logs related to possible matches with SIS are: the data used to perform a search, and a reference to the data processed in SIS and technical data (date and time of the search etc.).

There is no automated decision-making nor profiling, nor will your data be transferred to any third country or international organisation.

The statutory requirement of providing personal data is Article 8(2) of the Regulation (EU) 2016/399 (Schengen Border Code) with regards to border checks, Article 13 with regards to border surveillance and Regulation (EU) 2018/1860 with regards to return of illegally staying third-country nationals.