Frontex, as
an EU agency, collects and further processes personal data in accordance with
the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council
of 23 October 2018 on the protection of natural persons with regard to the
processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, and repealing Regulation (EC)
No 45/2001 and Decision No 1247/2002/EC, L295, 21.11.2018, p. 39-98.
Frontex has
appointed a Data Protection Officer – member of the staff who is entrusted with
the main task of ensuring, in an independent manner, the internal application
of the Data Protection Regulation.
As a
general principle, the agency only processes personal data for the performance
of tasks carried out in the public interest on the basis of the Treaties
establishing the European Union, the funding Regulation or in the legitimate
exercise of official authority vested in the agency or in a third party to whom
the data are disclosed.
All
processing operations of personal data are duly reported to the Frontex Data
Protection Officer and, if the situation requires, to the European Data
Protection Supervisor (Register).
Frontex
guarantees that the information collected is processed and/or accessed only by
the members of its staff responsible of the corresponding processing
operations. In a very rare cases and under a strict supervision and
limitations, personal data are made available to external parties
(contractors). In line with the Article 45(2) of the funding Regulation, Specific Implementing Measures are also in place.
Data
subjects (individuals whose data are being processed) have the right to access
and rectify their data in a written request to be addressed to the agency. In
case consent of the data subject is a legal basis for processing of
personal data, this consent may be withdrawn at any time.
Data
subjects may at any time consult Frontex Data Protection Officer (dataprotectionoffice@frontex.europa.eu) or a Data Controller
responsible for a particular data processing operation. Data subjects have a
recourse to the European
Data Protection Supervisor.
Frontex is
authorised under very strict conditions foreseen in Article 48 of the funding
Regulation to process personal data of certain groups of returnees. Further
information can be found here. Additionally, Frontex is entitled by Article 47(1)(a) of the funding
Regulation to process personal data related to individuals suspected of
involvement in facilitation of illegal migration, human trafficking or other
cross-border crimes, like terrorism, but only in the situations strictly
foreseen in that provision (privacy statement).
Privacy notice related to the supervisory mechanism on the use of force by standing corps officers and deployed members of the teams
Your
personal data (name, surname, date of birth, place of birth, document details,
information about physical injury, information about other damages) is
collected and processed by Frontex for the purpose of supervising of the use of
force by the Frontex standing corps officers, and officers deployed by Frontex.
Your personal data is processed in accordance with Regulation (EU) 2018/1725 on
the processing of personal data by the EU institutions.
The
controller of your data is the Head of Inspection and Control Office. You can
contact the controller by email: HoO.ICO@frontex.europa.eu.
The legal
basis of processing your personal data is Article 87 (1) (h) of the Regulation
(EU) 2019/1896 and Frontex Management Board Decision no. 7/2021 establishing a
supervisory mechanism to monitor the application of the provisions on the use
of force. The supervisory mechanism enables the Agency to conduct preliminary
assessments, administrative inquiries, pre-disciplinary proceedings, and
disciplinary proceeding as regards its statutory staff members. Some of your
data may be transmitted to the Member States authorities to ensure appropriate
action in case of use of force by the Member State officers.
Your data
will be kept by Frontex for 5 years from the incident. After 5 years, the data
will be automatically deleted.
You can
exercise your rights, including the right to request access to your data,
request for rectification of your data by contacting the controller or Frontex’
Data Protection Officer (dataprotection@frontex.europa.eu). You may lodge a complaint to
the European Data Protection Supervisor.
There is no profiling or decision making done
based on your data and your data is not shared with third countries or
international organisations.
Data protection notice for Frontex Forced-Return Monitoring System (FRMS)
Your
personal data (such as gender, age, nationality, seat number, incident details,
applied coercive measures, etc) may be processed by the Frontex Fundamental
Rights Officer, as Controller, for the purpose of monitoring forced-return
operations carried out by the forced-return monitor on the basis of objective
and transparent criteria and covering the whole return operation from the
pre-departure phase until the handover of the returnees in the third country of
return). You may contact the Controller at: fro.coordination@frontex.europa.eu
The legal
basis for processing your personal data is Article 50, 51 and 81 of Regulation
(EU) 2019/1896 of the European Parliament and of the Council of 13 November
2019 on the European Border and Coast Guard.
Your data
will be kept for the duration of five years. You can exercise your rights,
including the right to access, right to rectification, right to erasure, right
to object the processing. If you would like to exercise any of these rights, or
receive further information about processing of your personal data, please
contact the controller at fro.coordination@frontex.europa.eu, or the Data
Protection Officer of Frontex at dataprotectionoffice@frontex.europa.eu.
You have
the right to lodge a complaint with the European Data Protection Supervisor if you consider that your
data protection rights have been infringed.
Your data will
not be transferred to third countries or international organisations.
The
recipient of your data will be the Frontex Fundamental Rights Officer.
Your
personal data will not be used for an automated decision-making including
profiling.
Privacy statement for Access to Schengen Information System (A2SIS)
Your
personal data may be processed by Frontex for the purpose of carrying out
border checks, border surveillance and return operations on behalf of the EU
Member States . Frontex has the right to access and search data in SIS with the
use of A2SIS system and has to keep logs to ensure that the search in SIS was
lawful, for monitoring the lawfulness of data processing, for self-monitoring
and ensuring proper data security and security.
The
controller as regards the data logged of the activities mentioned above done
upon your personal data is the European Border and Coast Guard Agency
(Frontex), on behalf of which the Deputy Executive Director for Operations
acts, who can be contacted here: ded.ops@frontex.europa.eu
You can
also contact the Data Protection Officer for questions related to the
processing of your personal data here: dataprotectionoffice@frontex.europa.eu
The legal
basis for processing this personal data is given by Article 36 of Regulation
(EU) 2018/1861 and Article 17(3) of Regulation (EU) 2018/1860, in accordance
with Article 82(10) of Regulation (EU) 2019/1896 of 13 November 2019 on the
European Border and Coast Guard (see also Article 5(1)(a) of Regulation
2018/1725 on the protection of natural persons with regard to the processing of
personal data by the Union institutions, bodies, offices and agencies and on
the free movement of such data (EUI DPR)).
Some of
your data would be seen by dedicated Frontex staff only and the members of the
European Border and Coast Guard teams. If the data
appears in the logs, it will be stored for a period of 3 years from the date
when related entry in the log has been created.
You have
the right to request access to and rectification or erasure of your personal
data through the SIS National Competent authorities. Where applicable,
you have the right to restrict the processing of your personal data, and to
object to the processing. These
guidelines will help you how to do so: The
Schengen Information System - a guide for exercising data subjects’ rights: the
right of access, rectification and erasure | European Data Protection Board
(europa.eu). You have also the right to lodge a
complaint with the European Data Protection Supervisor (Complaint form | European Data Protection Supervisor (europa.eu)) if you consider that your data
protection rights have been infringed.
The data
categories that Frontex may store in the logs related to possible matches with
SIS are: the data used to perform a search, and a reference to the data
processed in SIS. There is no
automated decision-making nor profiling, nor will your data be transferred to
any third country or international organisation.
The statutory requirement of providing personal data
is Article 8(2) of the Regulation (EU) 2016/399 (Schengen Border Code) with
regards to border checks, Article 13 with regards to border surveillance and Regulation
(EU) 2018/1860 with regards to return of illegally staying third-country
nationals.
Privacy statement for Access to Schengen Information System (A2SIS) for general public
Your
personal data may be processed by Frontex for the purpose of carrying out
border checks, border surveillance and return operations on behalf of the EU
Member States. Frontex has the right to access and search data in SIS with the
use of A2SIS system as processor on behalf of the Member State as controller,
and Frontex has to keep logs to ensure that the search in SIS was lawful, for
monitoring the lawfulness of data processing, for self-monitoring and ensuring
proper data security and security.
The
controller as regards the data logged of the activities mentioned above done
upon your personal data is the European Border and Coast Guard Agency
(Frontex), on behalf of which the Deputy Executive Director for Operations
acts, who can be contacted here: ded.ops@frontex.europa.eu
You can
also contact the Data Protection Officer for questions related to the
processing of your personal data here: dataprotectionoffice@frontex.europa.eu
The legal
basis for processing this personal data is given by Article 36 of Regulation
(EU) 2018/1861 and Article 17(3) of Regulation (EU) 2018/1860, in accordance
with Article 82(10) of Regulation (EU) 2019/1896 of 13 November 2019 on the
European Border and Coast Guard (see also Article 5(1)(a) of Regulation
2018/1725 on the protection of natural persons with regard to the processing of
personal data by the Union institutions, bodies, offices and agencies and on
the free movement of such data (EUI DPR)).
Some of
your data would be seen by dedicated Frontex staff only and the members of the
European Border and Coast Guard teams.
If the data
appears in the logs, it will be stored for a period of 3 years from the date
when related entry in the log has been created.
You have
the right to request access to and rectification or erasure of your personal
data through the SIS National Competent authorities. Where applicable, you have the right to restrict
the processing of your personal data, and to object to the processing. These guidelines will help you how
to do so: The
Schengen Information System - a guide for exercising data subjects’ rights: the
right of access, rectification and erasure | European Data Protection Board
(europa.eu)
You have
also the right to lodge a complaint with the European Data Protection
Supervisor (https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en) if you consider that your data
protection rights have been infringed.
The data
categories that Frontex may store in the logs related to possible matches with
SIS are: the data used to perform a search, and a reference to the data
processed in SIS and technical data (date and time of the search etc.).
There is no
automated decision-making nor profiling, nor will your data be transferred to
any third country or international organisation.
The
statutory requirement of providing personal data is Article 8(2) of the
Regulation (EU) 2016/399 (Schengen Border Code) with regards to border checks,
Article 13 with regards to border surveillance and Regulation (EU) 2018/1860
with regards to return of illegally staying third-country nationals.