The right of data subject to information (SIS, VIS)
The right to information
Any person has the right to obtain detailed information concerning their personal data, which is processed in data filing systems.
According to art. 32 par. 5 of the Act of 29 August 1997 on the Protection of Personal Data (Journal of Laws No. 101, item 926 with later amendments), the right to information is given to every person interested not often than every 6 months more.
On basis of art. 32 par. 1 point 1-5a of the Act of 29 August 1997 on the Protection of Personal Data (Journal of Laws No. 101, item 926 with later amendments), every person who is concerned can request – regarding processing of their personal data – following information:
- if such system exists,
- since when data is processed,
- the source of getting data,
- the way data is made available,
- the aim and scope of data processing,
- the extent and to whom data was made available.
Data controller will reply regarding the requested information within 30 days.
In order to get information about processing personal data in the Schengen Information System or in the Visa Information System you need to submit an application in Polish to address:
Centralny Organ Techniczny KSI
Komenda Główna Policji
The application must contain:
- first name and surname of an applicant;
- PESEL Number (if the person has it);
- date and place of birth;
- place of residence (country, town, street and number house/flat);
- the subject of the application;
- signature of the person making the application.
In order to perform precise data identification, an applicant may attach a copy of their ID with personal data.
According to art. 32 the Act of 14 June 1960 the Polish Administrative Code (Journal of Laws No. 98, item 1071 with later amendments), the party may be represented in administrative proceedings by a proxy unless procedures demand personal engagement.
Rules of giving legal proxy are set in art. 33 the Polish Administrative Code, i.e.:
- the proxy of a party can be natural person having legal capacity;
- the proxy should be submitted in writing;
- the proxy attaches to the file an original or officially certified copy of the proxy.
A lawyer or a legal advisor and patent agent can certify a copy of a proxy given to them.
Refusal of access to personal data
According to art. 34 of the Act of 29 August 1997 on the Protection of Personal Data, the data controller shall refuse to disclose the information referred to in art. 32 par. 1 point 1-5a to the data subject if it caused:
- a disclosure of confidential information;
- a threat to national defense or national security, to life and health of individuals or to public security and public order;
- a threat to a vital economic or financial interest of the State;
- a significant breach of personal rights of the data subject of other persons.
The right to correct data, request the suspension of their processing or removal
The data subject may ask the data controller to supplement, update, correct, remove, and temporarily or permanently suspend processing of his/her data. However, the data subject must demonstrate that the data is incomplete, outdated, inaccurate, has been collected with violation of the law or that its processing is no longer necessary to achieve the purpose for which it was collected.
The right to make a complaint
Any person whose data is processed in the Schengen Information System or in the Visa Information System, is entitled to submit a complaint to the Inspector General for Personal Data Protection in relation to the implementation of the provisions on the protection of personal data.
Address for correspondence:
Generalny Inspektor Ochrony Danych Osobowych
ul. Stawki 2
- Convention Implementing The Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders (Official Journal of the European Union L 239, 22/09/222 P.0019-0062)
- Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visa (VIS Regulation) (Official Journal of the European Union L 218, 13/08/2008 P.0060-0081)
- Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (Official Journal of the European Union L 381, 28/12/2006)
- Council Decision 2007/533/JHA of 12 June 2007 on the establishment, operation and use of the second generation Schengen Information System (SIS II) (Official Journal of the European Union L 205, 07/08/2007)
- Commission Decision of 30 November 2009 determining the first regions for start of operations of the Visa Information System (VIS) (Official Journal of the European Union L 23, 27/01/2010)
- The Act of 29 August 1997 on the Protection of Personal Data (Journal of Laws No. 101, item 926 with later amendments)
- The Act of 24 August 2007 on the Participation of the Republic of Poland in the Schengen Information System and in the Visa Information System (Journal of Laws No. 165, item 1170 with later amendments)
- The Schengen Information System a Guide for Exercising the Right of Access