Visas and consular services

MFA Data Protection

The Ministry of Foreign Affairs pays special attention to the processing of personal data, from the perspective of the protection of fundamental rights and freedoms of natural persons, with focus on the protection of the right to an intimate, private and family life.

 

European legal framework:

  • The Convention for the Protection of Human Rights and of fundamental Freedoms;
  • The Convention for the Protection of Persons Concerning the Automatic Processing of Personal Data, adopted in Strasbourg in January 28th, 1981;
  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications);
  • Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.
 

National legal framework:

  • The Constitution of Romania;
  • Law No 677/2001 for the Protection of Persons Concerning the Processing of Personal Data and the Free Circulation of Such Data;
  • Law No 682 from November 28th, 2001 on Ratifying the Convention on the Protection of Individuals with Regard to the Automatic Processing of Their Personal Data;
  • Decree No 52/2002 of the Romanian Ombudsman, Regarding the Approval of Minimum Security Standards in the Activity of Personal Data Processing;
 
 

Through the General Directorate for consular Affairs, the Ministry of Foreign Affairs of Romania is registered as data controller, under the following registration numbers:

 

  • 5285 – for the processing of personal data in relation to visa processing, granting and issuing;
  • 5286 – for the processing of personal data in relation to notary activity;
  • 5287 - the processing of personal data in relation to the evidence of people and civil status.
 
 

The processing of personal data is carried out according to the following principles:

  • Legitimacy: The processing of personal data is carried out on the grounds and in accordance with legal provisions;
  • A well-determined purpose: Any personal data processing is carried out for well-determined, explicit and legitimate purposes;
  • Confidentiality: Users who are entitled to process personal data on behalf of a data controller must hold labor contracts comprising a confidentiality clause in this respect;
  • The consent of the data subject: A key element in the processing of personal data is the consent that the data subject must unequivocally express, on the grounds of thorough information provided in relation to the processing of their personal data, as well as based on personal choice;
  • Information: The information is shared to data subjects by the data controller entitled to process the personal data of the data subject in question;
  • The quality of data: Processed personal data must be adequate, pertinent and non-excessive, by comparison to the purpose for which it is collected and subsequently processed;
  • The protection of data subjects: According to this principle, the data subjects hold the right to have access to the processed data, the right to intervene upon the processed data, the right to oppose the processing of their personal data, the right of not being subjected to an individual decision, as well as the right of addressing the National Supervisory Authority for the Protection of Personal Data, or to refer to a Court of Law, in view of the protection of any rights guaranteed by law.
  • Security: The security measures with regard to personal data are established in such a way as to ensure an optimal level of security of processed personal data.
  • Notification: The data controller is registered within the National Supervisory Authority for the Protection of Personal Data. Subsequently, the data controller is granted a data controller number.
 

Definitions:

  • a. Personal data: any information regarding an identified or identifiable natural person; An identifiable natural person is a person who can be directly or indirectly and particularly identified under an identification number, or according to one or several factors that are specific to their physical, physiological, psychological, economical, cultural or social identity;
  • b. The processing of personal data: Any operation or set of operations that are carried out upon personal data, through automated or non-automated means, such as: the collection, registering, organizing, storage, adaptation or amendment, extraction, consulting, use, disclosure towards third parties by means of transmission, dissemination, or in any other manner, the association or combining, blocking, erasure or deletion of personal data;
  • c. Storage: The storage of collected personal data on any kind of support;
  • d. An evidence system for personal data - any organized structure of personal data, accessible according to some pre-determined criteria, regardless of the fact that this structure might be organized in a centralized or non-centralized manner, or is distributed depending on functional or geographical criteria;
  • e. Data controller - any natural or legal person, of private or public law, including public authorities, institutions and their territorial structures, that hereby establish the purpose and manners of personal data processing; if the purpose and the manners of personal data processing are established by means of a normative act or on the grounds of a normative act, the controller is the natural or legal person, of public or private law, who is designated as data controller by means of that normative act or based on that normative act;
  • f. Specially-entitled person, empowered by the data controller - any natural or legal person, of private or public law, including public authorities, institutions and their  territorial structures, that carry out any personal data processing on behalf of the data controller;
  • g. Third party - any natural or legal person, of private or public law, including public authorities, institutions and their territorial structures, other than the data subject, other than the data controller or other than the person entitled by the data controller to process such data, or individuals who are authorized to process personal data, under direct authority of the data controller or of the entitled personal data processor;
  • h. Recipient - any natural or legal person, of private or public law, including public authorities, institutions and their territorial structures, towards which data is disclosed, be they third parties or not; public authorities that receive personal data in the frame of a special investigation competences are not considered as recipients;
  • i. Anonymous data – categories of data that, due to its specific origin or due to the special manners of processing, cannot be associated to an identified or an identifiable person.
 
According to the provisions of article 24 (2) from Law No 677/2001 for the Protection of Persons Concerning the Processing of Personal Data and the Free Circulation of Such Data, the registration number must be incorporated in any document/form drafted by the Directorate General for Consular Affairs, by means of which personal data is collected, stored or disclosed.
 
In accordance with the legislation in force, data subjects that fall under the incidence of Law No 677/2001 for the Protection of Persons Concerning the Processing of Personal Data and the Free Circulation of Such Data, have the following rights:
 
  • The right to be informed;
  • The right of access to data;
  • The right of intervention upon the processed data;
  • The right to object;
  • The right of not being subject to an individual decision;
  • The right to file complaints to the NSAPPD, or to a court of law.
 
The Right to be Informed
The Ministry of Foreign Affairs of Romania is registered as data controller and all the collected personal data is necessary in view of exercising its institutional duties in the field of visa processing, granting and issuing, in the field of notary activity, as well as in relation to the register of population and civil status. Citizens who require assistance in these areas must correctly fill-in all the forms at their disposal, in order for their demands to be appropriately dealt with. The refusal to disclose any of the compulsory personal data required, may lead to a negative answer to the submitted request. The personal data delivered to the staff of the Ministry of Foreign Affairs is consequently disclosed to the competent Romanian authorities and subsequently processed by these authorities, in view of taking a final decision regarding the request for which personal data was disclosed. The disclosed data may be implemented and stored in databases accessible to the competent Romanian authorities.
 
The Right of Access to Data
According to the provisions of Law No 677/2001, the citizens therein concerned can require the following information from the data controller, by means of a written, signed and dated request: they may require to be informed whether their personal data is being processed or not, the categories of data processed, the purpose for which their data is processed, possible third parties their data might be disclosed to, the source their personal data was collected from, the types of automated processing mechanism are used, the other rights they benefit from.
 
The Right of Intervention upon the Processed Data
Depending on each case, upon request and with a fee exemption, any data subject has the right to obtain from the data controller:
 
the amendment, updating, blocking or deletion of any data the processing of which breaches the provisions of Law No 677/2001, more specifically in the case of incomplete or inaccurate data;
rendering personal data anonymous, in the case of data the processing of which breaches the provisions of Law No 677/2001;
the notification of any third party the processed data was disclosed to, with regard to any operation performed according to letters a) or b), in case such notification does not prove to be impossible, or if it does not request a disproportionate effort towards the legitimate interest that might thus be violated.
 
The Right to Object
At any moment, without any justifications and with a fee exemption, the data subject has the right to object to the processing of their personal data for direct marketing purposes on behalf of the data controller or of any third party, or that their personal data is disclosed to third parties for such a purpose.
 
The Right of not Being Subjected to an Individual Decision
Any data subject benefits from the right to claim and obtain: 
  • a. the withdrawal or the cancellation of any decision produces juridical effects upon them, provided that that decision has been exclusively adopted on the grounds of personal data processing, carried out through automatic means, destined to evaluate several aspects of their personality and/or professional competence, credibility, behavior or other such aspects;
  • b. the re-evaluation of any decisions taken with regard to their own person and that significantly affects them, if that decision was exclusively adopted on the grounds of personal data processing, according to the conditions laid down under point a).

 

The Right to File Complaints to the NSAPPD, or to a Court of Law
If the situation should occur, the data subject benefits from the right to file complaints with regard to the breaching of their rights as provided for by Law No 677/2001. Complaints can initially be filed to the data controller and subsequently to the NSAPPD. Also, the data subject can bring the data controller to court for the breaching of the rights as laid down by Law No 677/2001, or for any prejudice they might suffer from the illegal processing of their personal data.
 

THIS SECTION IS CURRENTLY BEING UPGRADED

In compliance with the provisions of Law no. 677/2001 on the protection of persons in view of personal data processing and the free circulation of such data, as subsequently amended and supplemented, the Ministry of Foreign Affairs – registered as personal data operator in the Registry of Personal Data Processing of the National Authority for the Supervision of Personal Data Processing (A.N.S.P.D.C.P.), under operator’s number 5285 - by means of diplomatic missions and consulates of Romania abroad and by means of the National Visa Centre, has the obligation to manage, safely and only for the specified purposes, the personal data you supply, pursuant to the laws, about yourself, about a member of your family or about another person.

The purpose of the data collection is the processing and analysis of the entry visa applications, as well as the issue of Romanian visas.

The persons, whom the processing of personal data for aforementioned reasons refers to, have the obligation to supply the data requested in visa applications*, their refusal to supply the requested data resulting in the denial of their visa applications.

The collected information is meant to be used by the operator and is disclosed only to the following beneficiaries: Romania’s diplomatic missions and consulates, the National Visa Centre under the Ministry of Foreign Affairs, the General Inspectorate for Immigration and the Romanian Border Police under the Ministry of Internal Affairs.

Pursuant to Law no. 677/2001, you benefit from the right to access and amend the data, the right not to be submitted to an individual decision and the right to address to legal courts. Moreover, you have the right to refuse the processing of your data and to request their removal**. In order to exercise these rights, you can address a written application, bearing the date and your signature, to the National Visa Centre under the Ministry of Foreign Affairs. Moreover, your right to address legal courts is acknowledged.

In compliance with the provisions of art. 41 par. 1 of Law 271/2010 on the setting-up, organisation and operation of the National Visa Information System, and on Romania’s participation in the Visa Information System, your data are not transferred or disclosed to a third country or to an international organisation, except for the circumstances specified in art. 41 par. 2 of the aforementioned law.

If any of your data are not accurate, please let us know as soon as possible.

________________________________________________

The columns in the visa application forms which bear an asterisk - (*) should not be filled in by third-country nationals, family members of the citizens of the European Union or the European Economic Area (spouse, child or dependant ascendant).

** If you do not agree that your personal data be processed, you should bear in mind that the visa application shall no longer be admissible. Furthermore, if you wish your personal data be removed and, when you formulate the removal application, you hold a valid visa issued on the grounds of those data, such visa shall be revoked. If your visa application has not been processed yet, such visa application shall no longer be taken into consideration. Moreover, please bear in mind that the fee charged for the processing of a visa application cannot be reimbursed.

Here are the contact data of the National Authority for the Supervision of Personal Data Processing (A.N.S.P.D.C.P.):

Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania;

Email: presa@dataprotection.roanspdcp@dataprotection.ro;

Telephone: +40.318.059.211;

Fax: +40.318.059.602;

Web address: http://www.dataprotection.ro/.

Interview with Romanian Ambassador in Diplomacy Magazine

06/29/19

The summer issue of Diplomacy Magazine, a supplement of Copenhagen Post – the …

#RO2019EU / Briefing for members of the Venstre EU Committee on the accomplishments of the Romanian Presidency of the EU Council

06/27/19

On 26 June 2019, H.E. Alexandru Grădinar, Ambassador of Romania, hosted at his …

The visit of H.E. Alexandru Grădinar, Ambassador of Romania to Denmark and Iceland, in Reykjavik (17-19 June 2019)

06/20/19

Between 17 and 19 June 2019, H.E. Alexandru Grădinar, Ambassador of Romania in …