-
Last updated on
1. DEFINITIONS:
"Data of a personal nature": any information pertaining to an identified or identifiable person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
"Processing": any operation or any series of operations carried out or not via automated processes and applied to data or series of data of a personal nature, such as the collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, convergence, or interconnection, limitation, deletion or destruction.
"Data controller": any natural or legal person, public authority, service or other organisation which, alone or jointly with others, determines the purpose and methods of processing.
"Sub-contractor": any natural or legal person, public authority, service or other organisation which processes data of a personal nature on behalf of the processing manager.
"Recipient": any natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
"Third party": any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the data controller or the processor, are authorised to process the personal data.
General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
2. DATA CONTROLLER:
The controller of the processing of personal data in the context of visa applications at Belgian diplomatic and consular posts abroad is:
The Minister of Foreign Affairs, represented by the Director General of Consular Affair.
Federal Public Service Foreign Affairs
Directorate-General of Consular Affairs
Rue des Petits Carmes, 15
1000 Brussels
Belgium
3. DATA PROTECTION OFFICER (DPO):
Missions of the "DPO":
The "DPO" can be contacted by the data subjects whose data are processed by Foreign Affairs in the context of a visa application, regarding all matters relating to the processing of their data and more specifically with regard to:
- the purposes of the data processing;
- the legal basis of the processing;
- the categories of personal data concerned;
- the categories of recipients of the personal data;
- the possible transfer of personal data to third countries and the existence of appropriate safeguards;
- the duration of storage of personal data;
- knowing whether it is a question of automated data processing;
- the right to request rectification;
- the right to request the deletion of data and the restriction of data processing;
- the right to object to the processing.
Contact details of the "DPO":
You can contact the "DPO" of the Directorate-General of Consular Affairs:
- by form
- by post:
Federal Public Service Foreign Affairs
Directorate-General of Consular Affairs
For the attention of the "Data Protection Officer"
Rue des Petits Carmes, 15
1000 Brussels
4. COLLECTED PERSONAL DATA:
The Directorate-General of Consular Affairs undertakes to only process personal data that are adequate, relevant and not excessive in relation to the purposes for which they are collected (see point 5 below) and not to use them subsequently in a way which is incompatible with those purposes.
In addition to the personal data that we collect directly from you, the Directorate General of Consular Affairs also collects personal data about you from other bodies. Depending, in particular, on the application for residence submitted, this may relate to the following categories of data [1]:
- Identification data: personal identification data (name, title, address, previous addresses, telephone number, identifiers assigned by the Directorate-General of Consular Affairs, etc.); identification data, issued by public services, other than the national register number (identity card, passport, driving licence, pension number, etc.); biometric identification data (DNA data, fingerprints, photographs).
- Financial characteristics: financial identification data (bank account numbers, etc.); income, possessions, total income, professional income, savings, etc.; debts, expenses (total expenses, rent expenses, loans, etc.); solvency (assessment of income, financial status, solvency); allowances, assistance, etc.; pension details; etc.
- Personal characteristics: personal details (age, sex, date of birth, place of birth, marital status, nationality, etc.); military status (military status, military background, etc.); immigration status (visa details, work permit, residence or travel restrictions, right of residence, etc.); etc
. - Life habits: lifestyle; travelling details (information about stays and trips, travel visas, work permits, etc.); social contacts (friends, associates, relationships other than close family, etc.); possessions (land, property or other possessions); etc.
- Psychological data: opinions about personality or character.
- Household composition: marriage or other current form of cohabitation (name of spouse or partner, maiden name of spouse or partner, date of marriage, date of cohabitation, number of children, etc.); marital history (details of previous marriages or unions, divorces, separations, names of previous partners, etc.); details of other family or household members (children, dependants, other household members, collateral relatives, parents and ancestors); etc.
- Leisure and interests: leisure activities and interests (hobbies, sports, other interests, etc.).
- Affiliations: affiliations (other than professional, political or trade union) with charitable or voluntary organisations, clubs, associations, unions, organisations, groups, etc.
- Judicial data: suspicions and indictments (suspicion of offences, investigations or legal proceedings, etc.); convictions and penalties; judicial measures (placing under supervision, placing under provisional administration, confinement, collocation, etc.); administrative sanctions; etc.
- Characteristics of housing: address of the accommodation; type of accommodation; duration of the stay at the address; rent, charges; classification of the accommodation; etc.
- Health data: physical health status (medical file, medical report, diagnosis, treatment, analytical result, disability, impairment, diet, etc.); specific health requirements for travel management; mental health status (medical file, medical report, diagnosis, treatments, analytical results, etc.); risk situations and behaviours; genetic data; care-related data (data on resources and procedures used for medical and paramedical care); etc.
- Education and training: academic curriculum (school history, institution history, universities attended, nature of courses taken, diplomas followed, examination results, other diplomas obtained, assessments of academic progress, etc.); professional qualifications (patents and professional training, special licences, etc.); professional experience (professional interests, research interests, academic interests, etc.); etc.
- Occupation and employment: current employment (employer, title and job description, rank, date of recruitment, place of work, specialisation or type of business, terms and conditions of employment, previous functions and experience, etc.); termination of employment; career (previous jobs and employers, periods of unemployment, military service, etc.); occupational medicine; salary (payments, wages, etc.); etc.
- National Register Number / Social Security identification number
- Racial or ethnic data
- Data relating to sexual behaviour
- Political opinions: political convictions, voting preference; affiliation to a political party; political positions held; membership or support for pressure groups or militant organisations; etc.
- Membership of a trade union: membership of a trade union or similar group; positions held; etc.
- Philosophical and religious beliefs.
5. PURPOSES OF THE PROCESSING
In accordance with Article 6 of the GDPR, the personal data transmitted by the visa applicant and those collected by the Directorate-General of Consular Affairs from third parties are necessary for the performance of a task in the public interest, in the exercise of public authority vested in the Directorate-General of Consular Affairs, namely in this case: the receipt of visa applications in Belgian diplomatic and consular posts abroad.
The said data (see point 3, above) are processed, in particular, for the following purposes:
- Identification of foreign nationals;
- The processing of applications for residence submitted by foreign nationals to Belgian diplomatic or consular posts abroad
- Managing disputes regarding decisions taken;
- Managing correspondence between the Directorate-General of Consular Affairs and persons and authorities or others corresponding with the Directorate-General of Consular Affairs.
6. DATA RECIPIENTS:
The personal data concerning you collected and processed by the Directorate-General of Consular Affairs (or at least some of them) may, in particular, be communicated to the following categories of recipients:
- The data subject and their legal representatives;
- The professional advisers (e.g. lawyers) of the data subject or their legal representatives;
- The Immigration Office, the Commissioner General for Refugees and Stateless Persons, municipal administrations, Belgian diplomatic or consular posts abroad, etc.;
- Federal, regional or community public services;
- The judiciary, police services, intelligence services;
- The Social Security Office
7. DURATION OF DATA STORAGE :
As a general rule, the Directorate-General of Consular Affairs stores the personal data it processes for a period of 75 years after the submission of a visa application. After this period, the file is sent to the State Archives, where it is archived for future historical and scientific research.
Storage periods may differ from this general rule depending on the source and specific legal frameworks.
8. PROCEDURE FOR REQUESTING A COPY OF THE ADMINISTRATIVE FILE
In the context of the Law of 11 April 1994 on the disclosure of information by the administration, you may request a copy of your administrative file managed by the Directorate-General of Consular Affairs. Your application must be sent to the following address:
Federal Public Service Foreign Affairs
Directorate-General of Consular Affairs
Directorate for Visas (C4)
Rue des Petits Carmes, 15
1000 Brussels
9. RIGHT OF ACCESS, RECTIFICATION, DELETION AND RESTRICTION OF PROCESSING:
A. Right of access:
You have the right to obtain confirmation that your personal data are being processed by the Directorate-General of Consular Affairs and, when they are processed, access to the following information:
- the purposes of the data processing;
- the legal basis of the processing;
- the categories of personal data concerned;
- the categories of recipients of the personal data;
- the possible transfer of personal data to third countries and the existence of appropriate safeguards;
- the duration of storage of the personal data or the criteria used to determine this duration;
- knowing whether it is a question of automated data processing.
For these questions, you can contact the DPO (see 3. The Data Protection Officer). You will be asked to prove your identity.
B. Right to rectification:
You have the right to obtain the rectification of inaccurate personal data or to request that incomplete personal data be supplemented.
If you find that the Directorate-General of Consular Affairs has processed personal data concerning you that are inaccurate or incomplete, we invite you in the first instance to contact the diplomatic or consular post that is handling your visa application to request that it corrects the inaccurate data, or that incomplete data are supplemented.
The diplomatic or consular post handling your file may ask you for additional information or evidence to back up your request.
The diplomatic or consular post will inform the partners with whom it shares the amended personal data of any rectification, unless such communication proves impossible or requires disproportionate efforts.
If you have any further questions after contacting the competent services, you can address them to the DPO (see 3. The Data Protection Officer). You will be asked to prove your identity.
C. Right to erasure:
Given that the processing of your personal data is necessary for the performance of a task falling under the official authority vested in the Directorate-General for Consular Affairs, you are not entitled to request and obtain the erasure of your personal data.
If you have any questions concerning the right to erasure, you can address them to the DPO (see 3. The Data Protection Officer). You will be asked to prove your identity.
D. Right to restriction:
Given that the processing of your personal data is necessary for the performance of a task falling under the official authority vested in the Directorate-General for Consular Affairs, you are not entitled to request that the processing of your personal data is restricted.
If you have any questions concerning the right to erasure, you can address them to the DPO (see 3. The Data Protection Officer). You will be asked to prove your identity.
E. Right to data portability:
Given that the Directorate-General of Consular Affairs does not process your personal data pursuant to a contract, the right to portability does not apply. Consequently, you are not entitled to receive your personal data from the Directorate-General of Consular Affairs in a structured, commonly used and machine-readable format for transmission to another controller.
If you have any questions concerning the right to data portability, you can address them to the DPO (see 3. The Data Protection Officer). You will be asked to prove your identity.
F. Right to object:
You may object to the processing of personal data, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority.
However, the Directorate-General of Consular Affairs may object if there are legitimate and compelling reasons for the processing that prevail over your interests, rights and freedoms or for the establishment, exercise or defence of legal rights.
If you object to the processing of personal data managed by the Directorate-General of Consular Affairs, you are invited to contact the DPO (see 3. The Data Protection Officer). You will be asked to prove your identity.
10. RESPONSE AND RESPONSE TIME:
If you invoke the right of access, the right of rectification, the right of erasure, the right to limit or the right to oppose, you will receive information on the measures taken following your request, within one month of receiving the request. This period may be extended by two further months, taking into account the complexity of your request and the number of ongoing requests. You will be informed of this extension of the response time.
If your request is not followed up, you will be informed of the reasons why no later than one month after receipt of your request. You have the possibility to lodge a complaint with the supervisory authority and to lodge an appeal.
11. LODGING A COMPLAINT WITH THE SUPERVISORY AUTHORITY:
If you believe that the Directorate-General of Consular Affairs has not processed your personal data in accordance with the GDPR, you may lodge a complaint with the Belgian Data Protection Authority.
You can find more information on this subject on the website of the above-mentioned Authority: https://www.privacycommission.be
Data Protection Authority
Rue de la Presse 35
1000 Brussels
E-mail: contact@apd-gba.be
T: +32 2 274 48 00
[1] This list is based on the categories of personal data established by the Data Protection Authority in its Recommendation No 06/2017 of 14 June 2017 - Recommendation on the Register of Processing Activities (Article 30 of the GDPR) (COAR-2017-011).