XVII. Personal data processing in the field of…

Short description of NVIS

The National Visa Information System (NVIS) is a highly secure IT system, operating exclusively in the MFA's secured network, fully compatible with the specifications of Central Visa Information System (C.VIS), for data management and exchange of visa data. By connecting to C.VIS, the competent authorities of the Schengen Area MS have the possibility to electronically enter, update and consult these data. SNIV has been configured to allow the competent Romanian authorities to participate in this data exchange and to handle at national level the visa applications made by citizens of third countries subject to the visa requirement of entry into Romania. Equally, at national level, requests for issuance of LBTP are processed through the interface for the same computer system.

By processing the data of the visa / LBTP applicants in the relevant national database, NVIS ​​is constituted as an electronic component with limited and secure access, in which personal data is processed and included only for the well-defined and legal purposes of the examination of applications for visas and LBTPs formulated by foreign citizens wishing to travel to Romania, as well as for the issuance of these documents.

Law no. 271/2010 (NVIS Law) regulates the types of transactions that are performed on personal data in NVIS ​​(according to art. 10-25 of the NVIS ​​Law), in line with the provisions of the VIS Regulation.

The NVIS ​​specifications evolve with the evolution of the C.VIS specifications, ensuring the permanent compatibility of the two systems.

The specialized IT departments for security and protection within the Ministry of Foreign Affairs implement the necessary measures to ensure, among other things (together with the systems used at MFA level), the physical security of the NVIS ​​equipment (and the eViza electronic portal) as well as for observing the procedures regarding the access of the authorized personnel to them, keeping them in secure premises, both in the country and at the diplomatic missions and consular offices of Romania abroad (DM / CO), including the implementation of emergency measures.

NVIS, as a secured internal system, is intended solely for the management of data on visa / LBTP applications, and related documents, in accordance with the legislation in force, submitted by third-country nationals at the DM / CO of Romania. It includes solely information and data relevant to activities in the field, the competent national authorities ensuring that the data provided by the data subjects is accurate. Prior to receiving visa and LBTP applications, competent MFA staff shall ensure that each applicant verifies the visa / LBTP application form and signs it only after making sure that all provided data is correct, consenting also with the signature on the form, providing one’s own personal data for the purpose of processing his/her application.

Personal data processed via NVIS is solely used for the purposes for which it is received and processed (visas and LBTPs).

MFA staff in charge with receiving and processing visa and LBTP applications, as well as for issuing visas and LBTPs, process personal data on the basis of the following principles:

  1. lawfulness, fairness and transparency – personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject;
  2. purpose limitation - personal data is collected for specified, explicit and legitimate purposes and is not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and is not considered incompatible with the original purposes;
  3. data minimization - personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  4. accuracy - personal data is accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
  5. storage limitation - personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  6. integrity and confidentiality - personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;
  7. Accountability – the controller is responsible for the respect of all principles outlined above and can demonstrate such compliance.

The personal data processed in NVIS ​​is protected in accordance with the legal provisions in the matter, ensuring compliance with the above-mentioned principles.