What is VIS?
The Visa Information System (VIS) is a computerised system for sharing data on visas for entry into the Schengen Area between the States that are part of it. The establishment of VIS (which has been operational since February 28, 2016) is one of the main initiatives within the framework of the European Union’s policies to create an area of freedom, security and justice without internal borders.
To enable VIS to operate, the consular offices and external border crossing points of Schengen States are connected to the central database of the system. VIS contains the biographic and biometric data of all visa applicants. The relevant computer files are stored in a common database.
The VIS main purposes are to facilitate visa application procedures, as well as checks at external border crossing points, and to enhance security. VIS also prevents the so-called “visa shopping” and assists Member States in the fight against fraud.
What changes for visa applicants at consular offices and external border crossing points of the Schengen Area?
People applying for a visa for the first time are required to appear in person. In accordance with Article 13 of the Visa Code, their biometric identifiers are collected on that occasion, i.e. a digital photograph and ten finger scans. Once finger scans are stored in VIS, they can be reused for further visa applications over a 5-year period, unless there is reasonable doubt about the applicant’s identity.
The authorities responsible for controls at external border crossing points have access to VIS to check the identity of the visa holder and the visa authenticity. These procedures aim to strengthen security within the Schengen Area.
Some categories of applicants, however, are exempted from the obligation to be finger scanned:
- children under the age of twelve;
- people who physically cannot provide finger scans;
- Heads of State and government and members of national governments, accompanied by spouses, as well as members of their official delegations when invited by Member States’ governments or international organisations, on an official mission;
- sovereigns and other senior members of a royal family when invited by Member States’ governments or international organisations, on an official mission.
Protection of personal data and access to VIS
When applying for a visa, some personal data of the applicant are collected and stored into VIS, including the applicant’s photograph, finger scans (where applicable) and the personal data provided in the visa application form.
These data are transmitted to the Member States’ competent authorities and processed for the purpose of taking a decision on the visa application.
The personal data of the visa applicant, as well as the data concerning the decision on his/her application or any decision whether to annul, revoke or extend a visa issued, shall be entered, stored and kept in VIS for a maximum period of five years. This retention period shall start from:
- the expiry date of the issued visa;
- the new expiry date of the extended visa;
- the date of creation of the file in VIS, if the application has been withdrawn, closed or discontinued;
- the date of the decision taken by the competent Authorities, if a visa has been refused, annulled or revoked.
Access to VIS for entering, amending, deleting and consulting data is reserved exclusively for the duly authorised staff of the competent authorities. In particular, VIS may be consulted for the following purposes:
- examination of visa applications and related decisions;
- check of the visa holder’s identity and/or the visa authenticity;
- identification of the people who do not – or no longer – fulfil the conditions for entry, stay or residence on the Member States’ territory;
- definition of the Member State responsible for examining an asylum application.
The authorities for which access to VIS is reserved are the following:
- the visa authorities;
- the authorities responsible for visa control at external borders and in the Member States;
- the immigration and asylum authorities in the Member States.
Under certain conditions, access to VIS may be requested by the European Police Office (Europol) and the designated authorities of the Member States (for Italy, the Ministry of the Interior and Police Authorities) for the purposes of prevention, detection and investigation of terrorist offences and other severe criminal offences.
The Ministry for Foreign Affairs and International Cooperation – MAECI (Piazzale della Farnesina 1, 00135 Rome), www.esteri.it telephone no. 0039 06 36911 – through the Italian diplomatic or consular office to which the visa application has been submitted – is the Member State’s authority responsible for data processing.
The Italian national supervisory Authority responsible for the protection of personal data, pursuant to Legislative Decree No. 196 of June 30, 2003, is the Garante per la Protezione dei Dati Personali ((Italian Data Protection Authority).
Exercise of the rights of access, rectification or deletion of data entered in VIS
The visa applicant has the right to access his/her data stored in VIS, and to know the Member State which transmitted said data. The applicant has also the right to request that inaccurate data relating to him/her be corrected and that unlawfully processed data be deleted.
The person concerned can exercise the rights of access, rectification and deletion of personal data stored in VIS by contacting directly the Head of the Visa Office that examined the application, who will in turn transmit the request to the Central Visa Unit of the Directorate General for Italians Abroad and Migration Policies at the Ministry for Foreign Affairs and International Cooperation.
In the event of a negative or unsatisfactory reply to a request for exercising these rights, the data subject may claim them by taking legal action before a judicial authority.
The competent Italian national supervisory authority for examining complaints on personal data protection is the Data Protection Officer (DPO) of the Ministry for Foreign Affairs and International Cooperation (MAECI) (email: firstname.lastname@example.org, certified e-mail: email@example.com) or, alternatively, the Italian Data Protection Authority (Piazza Venezia 11, 00187 ROME; tel. 0039 06 696771; e-mail: firstname.lastname@example.org; certified e-mail: email@example.com).