Visa and immigration

The conditions to enter and stay in Luxembourg do not only depend on the length of the planned stay but also on the country of origin of the foreign national who is making the request.

Duration of stay

Special cases

Information to visa applicants concerning the processing of personal data in the Visa information System (VIS) provided upon short stay visa application

Information on the processing of personal data

The collection of personal data required for all visa applications, including photographs and fingerprints, is compulsory for the examination of a visa application. Failure to provide this information will result in the application being declared inadmissible.

The responsible authorities

Ministère des Affaires étrangères et européennes,
de la Défense, de la Coopération et du Commerce extérieur
Bureau des Passeports, Visas et Légalisations
6 Rue de l’Ancien Athenée
L-1144 Luxembourg
service.visas@mae.etat.lu

Data protection officer: dataprotection.mae@mae.etat.lu

The legal basis

The legal basis for the collection and the processing of personal data is set out in Regulation (EC) 767/2008 (VIS Regulation), Regulation (EU) 2019/1155 amending Regulation (EC) 810/2009 establishing a Community Code on Visas (Visa Code) and Council Decision 2008/633/JHA.

The processing of personal data

The data will be shared with the competent authorities of the Schengen Member States [1] and processed by these authorities for the purposes of decision-making on a visa application.

Data and information relating to the decision taken on an application, whether to annul, revoke or extend an existing visa, will be entered and stored in the Visa Information System (VIS) for a maximum period of five years, during the course of which they will be accessible to the visa authorities and to the authorities responsible for carrying out visa checks at the external borders and within the Member States, to immigration and asylum authorities in the Member States, in order to check whether the conditions for entry, stay and legal residence on the territory of the Member States are fulfilled, to identify persons who do not meet or no longer meet these conditions, to examine an asylum application and to determine responsibility for this examination.

Under certain conditions, the data will also be made available to the designated authorities of the Member States and to Europol for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences.

Third countries and international organisations

Personal data may also be transferred to third countries or international organizations in order to verify the identity of third-country nationals, including for return purposes. Such transfers only take place under certain conditions [2]. You can contact the authority responsible for data processing to obtain further information on these conditions and how they are met in your particular case.

Transparency and rights of the data subject

Under the General Data Protection Regulation [3] and the VIS Regulation [4], you have the right to obtain access to your personal data, including a copy thereof, as well as the identity of the Member State that transmitted it to the VIS. You also have the right to have inaccurate or incomplete personal data corrected or completed, to have the processing of your personal data restricted under certain conditions, and to have personal data that has been processed unlawfully deleted.

You may address your request for access, rectification, restriction or erasure directly to the authority responsible for processing the data. Further details on how you may exercise these rights, including the related remedies according to the national law of the State concerned, are available on its website and can be provided upon request.

You may also address your request to any other Member State. The list of competent authorities and their contact details is available at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-lu

Lodge a complaint

You are also entitled to lodge at any time a complaint with the national data protection authority of the Member State of the alleged infringement, or of any other member State, if you consider that your data have been unlawfully processed. 

The data protection authority of Luxembourg is:

National Commission for Data Protection (CNPD), 15 Boulevard du Jazz, L-4370 Belvaux
Phone: (+352) 26 10 60 – 1

Web contact: https://cnpd.public.lu/en/support/contact.html
Website: https://cnpd.public.lu/en/commission-nationale.html

[1]  Austria, Belgium, Croatia, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden and Switzerland.

[2] Article 31 of Regulation (EC) 767/2008 (VIS Regulation)

[3] Article 15 to 19 of Regulation (EU) 2016/679 (GDPR)

[4] Article 38 of Regulation (EC) 767/2008 (VIS Regulation)

What is the VIS?

The Visa Information System (VIS) is a system for exchanging data on short-stay visas between Schengen states. The main objectives of the VIS are to facilitate visa application procedures and external border controls, and to enhance the security of the Schengen area.

The aim of the global VIS introduction process is to provide applicants with greater protection against identity theft, and to prevent document fraud and the practice of "visa shopping". Fingerprints are widely used in the EU as one of the most secure means of identification. The use of biometric data to identify a visa holder is a faster and more precise way of identifying a visa holder by the border police.

The VIS incorporates a central database, a national interface in each Schengen state, and a communication infrastructure between the central database and the national interface. The VIS is linked to the national visa systems of all the Schengen States via the national interfaces, enabling the competent authorities in the Schengen States to process data on visa applications and on visas either issued, refused, annulled, revoked or extended.

The VIS consists of two systems: the VIS database, which conducts alphanumeric searches, and the Automated Fingerprint Identification System (AFIS), which compares fingerprints received with the database and returns a positive or negative response, including any matches.

The main central VIS is located in Strasbourg (France) and a back-up central VIS, capable of providing all the functions of the main central VIS, is located in Sankt Johann in Pongau (Austria).

The VIS is continually processing information gathered by the consulates of the Schengen states. For instance, information entered locally by visa authorities can be available in the VIS in a matter of minutes. The VIS offers rapid verification services for visa holders at border crossings, taking just a few seconds to conduct a visa check.

The Commission was responsible for developing the central database, the national interfaces and the communication infrastructure between the central VIS and the national interfaces. Individual Schengen States are responsible for the development, management and operation of their respective national systems.

The EU Agency for large-scale IT systems, eu-LISA, is responsible for the operational management of VIS.

What is the legal basis for the VIS?

The main acts constituting the legal framework of the VIS are the following:

·                  Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS), OJUE L 213, 15.6.2004, p. 5.

·                  Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the VIS and the exchange of data between Member States on short-stay visas (VIS Regulation), OJUE L 218, 13.8.2008, p. 60.

·                  Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the VIS by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offence, OJUE L 218, 13.8.2008, p. 129.

·                  Regulation (EC) No 81/2009 of the European Parliament and of the Council of 14 January 2009 amending Regulation (EC) No 562/2006 as regards the use of the Visa Information System (VIS) under the Schengen Borders Code, OJUE L 35, 4.2.2009, p. 56.

·                  Regulation (EC) No 810/2009 of the European Parliament and the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code), OJUE L 243, 5.9.2009, p. 1.

What are the consequences of VIS in practice for visa applicants?

First-time visa applicants must always present themselves in person when submitting their application to provide their photograph and fingerprints.

The photograph is currently scanned from an existing paper photograph. At a later stage, the photograph will be taken digitally at the moment of the application.

For all new subsequent applications submitted within a period of 59 months, the fingerprints can be copied into the VIS from the previous application file.

Nevertheless, it should be stressed that in the event of reasonable doubt as to the applicant's identity, the consulate will collect fingerprints again within the 59 months referred to above. Moreover, the applicant may ask for fingerprints to be taken if, at the time the application is submitted, it is not immediately possible to confirm that the fingerprints were taken within the aforementioned period.

The biometric data of visa applicants may be collected by Schengen State consulates and external service providers (such as VFS, TLS and others), but not by commercial intermediaries (e.g. travel agencies).

Upon arrival at the Schengen external border, visa holders must provide their fingerprints for comparison with those registered in the VIS, at the request of the Schengen States' border control authorities. Searches in the VIS by Schengen border guards are based on the visa sticker number in combination with fingerprints.

Visa holders whose fingerprints have not been taken at the time of application, on the grounds that they have been exempted from this requirement, will not be asked to provide fingerprints at the border.

What happens to those who refuse to provide fingerprints for various reasons?

As a result, a Schengen visa will not be issued if biometric data is not provided. However, in accordance with Article 13(7) of the Visa Code, there are several categories of citizens who are not required to provide this data, as indicated in the FAQ under Question 18.

If I already have a biometric passport, do I also need to submit my fingerprints?

Yes, holders of biometric passports must also appear in person when applying for a short-stay Schengen visa for the first time to submit their fingerprints.

How is my biometric data protected in the VIS?

Strict data protection rules are defined in the VIS regulation and are subject to control by national and European data protection authorities.

Data is kept in the VIS for a maximum of five years from the visa expiry date, if a visa has been issued, or from the new visa expiry date, if a visa has been extended, or from the date on which a refusal decision is issued by the visa authorities.

All individuals have the right to obtain communication of the data recorded in the VIS concerning them from the Schengen State which entered the data in the system. Individuals may also request that inaccurate data concerning them be rectified, and that illegally recorded data be deleted.

In each Schengen State, the national supervisory authorities independently monitor the processing of personal data recorded in the VIS by the respective Schengen State.

The European Data Protection Supervisor monitors the data processing activities of the VIS Management Authority.

Which data are registered in the VIS?

The visa authorities in each Schengen state register data relating to short-stay visa applications (i.e. applications to stay in the Schengen area for 90 days or less) in the VIS. Data relating to national long-stay visas are not yet recorded in the VIS.

Upon reception of an application, the visa authorities of the relevant Schengen State create an application file in VIS and record the alphanumeric data contained in the Schengen visa application form, the applicant's digital photograph and the ten fingerprints collected.

If the applicant is traveling in a group, the travelers' application files will be linked in the VIS. If a previous application has been registered for the same applicant, the two applications will also be linked in the VIS.

Once a decision has been taken on the application (visa granted/refused) or post-decision (annulment, revocation, extension), the information is recorded in the VIS by the visa authorities of the relevant Schengen States. Once the visa has been issued and all applicant data - including fingerprints - have been recorded in the VIS, a code is inserted in the visa sticker.

Which authorities have access to the VIS?

The visa authorities of the Schengen States have access to the VIS for both data recording and consultation. Application and decision data are entered into the VIS by the visa authorities of the Schengen State responsible for examining the application or taking the decision. The data entered by one Schengen State can then be consulted by the visa authorities of all the other Schengen States, for example when examining another application from the same applicant.

Other authorities from the Schengen States have access to the VIS for consultation only.

National border authorities have access to the VIS in order to verify the identity of the visa holder, the authenticity of the visa and whether the conditions for entry into the territory of the Schengen states have been fulfilled. VIS checks at the Schengen area's external borders, with systematic fingerprint verification, are compulsory, except in a limited number of cases.

The national authorities responsible for carrying out identity checks on the territory of the Schengen states have access to the VIS in order to verify the identity of the visa holder, the authenticity of the visa and whether the conditions for entry, stay or residence on the territory of the Schengen states have been fulfilled.

National asylum authorities have access to the VIS to determine the Member State responsible for examining an asylum application in accordance with Regulation (EC) No 343/2003 and for processing the application.

Europol has access to the VIS for consultation purposes as part of the prevention, detection and investigation of terrorist offences and other serious criminal offences.

National law enforcement authorities have access to VIS data for the same purposes, provided certain legal conditions are respected: access to VIS data must be necessary in a particular case, and there must be reasonable grounds for considering that consultation of the data will make a substantial contribution to the prevention, detection and investigation of terrorism and other serious crimes.

As a general rule, VIS data may not be transferred or made available to a third country or international organization. By way of derogation, certain data recorded in the VIS (name, nationality, travel document number, residence) may be communicated to a third country or international organization when a specific case requires it to prove the identity of a third-country national, including for return purposes.

How to exercise your access rights?

For detailed information on how to exercise your access rights, please visit the following site: 

https://cnpd.public.lu/en/particuliers/vos-droits/droit-acces.html

Last update