Data protection


Privacy notice: Travel to Europe application

1. About the app, information on the controller and the processor

This Privacy notice is only for information purposes. The privacy notice issued by the controller prevails.

The Travel to Europe Application was designed to enable the pre-registration of travellers’ data in the context of the European Entry/Exit System.

The European Border and Coast Guard Agency (Frontex), as an EU agency, is the data processor who collects and further processes personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (the “EUIDPR”) on behalf of Member States taking the capacity of Controllers under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).

The Member States having decided to use the app are the controllers of the information collected through the app. The contact details of these controllers are available within the app depending on the country of destination.

Processor’s contact information:

●       Address: European Square 6, 00-844 Warsaw, Poland

●       E-mail: frontex@frontex.europa.eu

2. Data Protection Officer

The contact details of the Data Protection Officers of the controllers are available within the app depending on the country of destination.

The Data Protection Officer of Frontex as processor may be consulted at any time via dataprotectionoffice@frontex.europa.eu.

3. Data processing purposes

Your personal data are collected directly from you, when you are the person using the Travel to Europe Application and filling out the border check-in questionnaire.

Your personal data may also be collected indirectly, when you are a “co-traveller” and another person, authorized by you, fills out the border check-in questionnaire in the Travel to Europe Application on your behalf.

The processing of personal data aims to facilitate the border crossing process by allowing the traveller to send it in advance to the Controller’s national system, for the following purposes (the purposes further specified in the controller’s privacy notice):

·       Facilitating the enrolment of data in the Entry and Exit System (Article  39 of the Regulation (EU) 2017/2226)

·       Pre-evaluation of the entry conditions established in Article 6 (1) of the Schengen Borders Code (SBC), upon arriving at the Border Crossing Point;

·       Fulfilment of national obligations related to border management.

The legal ground of the processing of personal data is also determined in the controller's privacy notice.

The collection and processing of personal data additionally aims to support travellers and national authorities in the use of the app. 

The collected personal data include the confirmation of the identity of the traveller using a biometric assessment (liveness assurance). If the Controller requests it, the data may also be processed for statistical purposes.

4. Third parties

Your personal data will be shared with the following recipients apart from the controllers:

- Frontex, as a processor, developing and maintaining the system on behalf of the controller(s).

- Developer and second-line support (as sub-processor) which enables the functioning of the Travel to Europe Application - NetCompany Intrasoft.

- Providers of the biometric assessment services (liveness check) – Inverid and iProov, as sub-processors.

- Microsoft Ireland Operations Limited as hosting provider of the solution.

5. Data transfers

Your data will not be transferred outside the European Economic Area.

6. Data subject rights

The data subject rights can be exercised by submitting a request to the controller. Further specification on the scope of the data subject rights, as well as further information on how to exercise the data subject rights can be found in the privacy statement of the controller available in the app.

You, as a data subject, have the right to:

a)     Access: You can request confirmation from us whether or not we are processing your personal data and information on purposes of processing, categories of personal data, the recipients of your personal data, the envisaged retention period, whether you can request rectification, erasure, restriction of processing or object to the processing of your personal data, the right to lodge a complaint with the Data Protection Authority of the controller’s country, the source of collection of data as well as whether there occurs automated decision-making, including profiling;

b)     Rectify: You can request rectification of inaccurate personal data so that we possess the correct information about you;

c)     Erase: In some circumstances, you can request that we erase your personal data that we collect and process, for example if your personal data is no longer necessary for achieving the purposes for which it is processed. You can delete your data from the Travel to Europe Application any time by deleting journey(s) from the Travel to Europe Application or removing the entire Travel to Europe Application from your mobile device. The data stored in Travel to Europe Application’s Backend are deleted after one (1) week since they are created;

d)     Restrict: In some circumstances, you can request us to restrict the processing of your personal data, for example if you contest the accuracy of your personal data;

e)     Data portability: In some circumstances, you can receive from the controller a copy of your personal data, that you have shared with it, in a structured, commonly used and machine-readable format so that you can use this information set for other purposes and, where technically feasible, to transmit those data to another controller. You may exercise this right by using “Export local data” function of the Travel to Europe Application under the “Settings” option and “Local data” submenu;

f)     Lodge a complaint: You can lodge a complaint with a supervisory authority - the respective national Data Protection Authority (as specified in the privacy statement of the controller).

7. Data retention

Your data is stored in your device until you delete them from the device or remove the Travel to Europe Application.

Some data (mobile device ID, travel itinerary information; Information whether you have: a reception certificate or an accommodation reservation, sufficient means of subsistence for the planned stay and medical insurance valid for the entire duration of the trip; a scanned picture of your passport; NFC chip reading of your passport and live facial image) will be retained in the Travel to Europe Application’s Backend for no longer that one (1) week, and will be deleted after this period irrespective of the fact that you submit your data to the border authority via the Travel to Europe Application or not. The retention of data in the national systems depends on the controller on whose behalf the data are collected.

Data processed when you request support from the service desk (e-mail address and any other information shared) will not be stored longer than one week after resolving your ticket.

8. Processed data categories

We will process the following data categories:·      

  • Travel itinerary information, such as: 

o   whether the data subject is arriving in or is departing from the EU/Schengen Zone, 

o   Border Crossing Point of arrival/departure at/from the Schengen Zone,  

o   date of arrival or departure at/from the Schengen Zone, 

  • Traveler information: 

o   Information necessary for any sufficient justification of stay as required under article 6 of Regulation (EU) 2016/399; 

o   The matters to be addressed in the questionnaire as defined by the controller of destination,

o   A scanned picture of passport, 

o   Results of the NFC chip reading of passport, i.e. integrity check, 

o   Passport information, including: 

- First name, 

- Middle name, 

- Last name, 

- Country issuing the passport, 

- Birthdate, 

- Country of birth, 

- Expiration date of the passport, 

- Nationality, 

- Passport number, 

- Sex, 

- Document type, 

- Document subtype, 

- Image of biographical page (VIZ Image), 

o   Live facial image and, if applicable, the result of facial image liveness assurance. 

  • Technical information:

o   Mobile device ID,

o   PIN code (user defined),

o   Data related to setup of the application (activation code; information on permission to receive push notifications; fact of accepting the terms and conditions and acknowledging the privacy notice; fact of enabling biometrics from the mobile),

o   Technical information concerning the use of the document verification service (such as data on the device and on service usage, including the duration of the use of the service, activity in the service, IP address, domain name, software and hardware attributes, general geographic location (e.g. city, state, country)).

  • Personal data provided by users when requesting support from the service desk: e-mail address and any personal data provided in the message. 

9. Final provisions

The use of the Travel to Europe Application and provision of personal data in it is voluntary. However, for the proper functioning of the Travel to Europe Application, you must provide at least one pin code. In order to complete the Schengen Area border check-in procedure, it is necessary to perform the confirmation of your identity using a biometric assessment. If you do not wish to provide any of your data in the Travel to Europe Application, or you do not wish to submit your data to the border authority via the Travel to Europe Application, you will be able to complete the border check-in procedure at the airport.