Sitemap   |   Contact   |   Search
Slovensko
Home » My rights » Schengen » Rights of individuals within the Schengen Convention
Povečaj pisavoPomanjšaj pisavo Tiskanje

Rights of individuals within the Schengen Convention

In conformity with basic data protection principles, specific rights are recognised by the Schengen Convention for both nationals and non-nationals of Member States in the Schengen area. These are basically:

 

  • the right of access to data relating to them stored in the SIS,
  • the right to rectification when data are factually inaccurate or unlawfully stored,
  • the right to bring before the courts or competent authorities an action to correct or delete incorrect data or to obtain compensation.

On this basis any person may, in the territory of each contracting party, bring before the courts or the authority competent under national law an action to correct, delete or obtain information or to obtain compensation in connection with an alert involving them.

Guide for exercising the right of access (pdf, 410 KB)

1. Right of the individual to consult personal data that relate to him

Right of access is the possibility for anyone who so requests to consult the information relating to him stored in a data file as referred to in national law. This is a fundamental principle of data protection which enables data subjects to exercise control over personal data kept by third parties.

Under Article 109 of Schengen Convention anyone has the right to have access to data entered in the SIS which relate to him.

Anyone exercising his right of access and to consult data in SIS that relate to him, may apply to the competent authorities in the any of the Schengen country of his choice, since all national databases are identical because of the technical support function. The right of access therefore pertains to identical data regardless of the state to which the request is addressed. However, the right of access is exercised in accordance with the law of the state addressed, thus the rules of procedure differ from one country to another.

When a country which applies a right of access, receives a request for access to an alert which it did not issue itself, that state must give the issuing country the opportunity to state its position as to the possibility of disclosing the data to the applicant. Likewise shall the national
data protection supervisory agencies of the both states concerned on the basis of Article 114(2) of the Schengen Convention work in close cooperation while examining data subjects application.

However, in conformity with the Article 109 of the Schengen Convention the right of access may be refused if it is indispensable for the performance the alert and any event during the period of validity of an alert for the purpose of discreet surveillance.

There are currently two types of system governing the right of access. In some countries the right of access is direct, in others it is indirect.

Request for Information on Data in the National Schengen Information System in Slovenia (N.SIS)

 

The right of direct access

 
The person concerned applies directly to the authorities handling the data (police, gendarmerie, customs, etc. In Slovenia application should be sent to the Police, Ministry of the Interior, Štefanova 2, 1501 Ljubljana, Slovenia). If national law permits, the applicant may be sent the information relating to him.

The right of indirect access

In this case the person sends his request for access to the national data protection agency of the state to which the request is addressed. The data stored in the SIS is verified by the data protection agency in the same way as for police files relating to national security, defence or public security. Arrangements for disclosing data vary from country to country and can be extremely limited in some cases.Anyone, who wishes to obtain information about the applicable system of the right of access, may so from the national authority for data protection in the respective Schengen state. Their contact details are available on the Joint Supervisory Authority web site (http://www.schengen-jsa.dataprotection.org/).

2. The process of exercising the individual’s right to consult personal data that relate to him in the Republic of Slovenia

The process of exercising the right to consult one’s own personal data in Slovenia is regulated in accordance with the Personal data protection act (Article 30 and 31) and the Information commissioner act.

Article 30 of Personal data protection act imposes to Police, which is subordinated body to the Ministry of Interior and a data controller, an obligation to:
1. enable consultation of the SIS filing system catalogue;
2. certify whether data relating to him are being processed or not, and to enable him to consult personal data contained in national SIS filing system that relate to him, and to transcribe or copy them;
3. supply him an extract of personal data contained in national SIS filing system that relate to him;
4. provide a list of data recipients to whom personal data were supplied, when, on what basis and for what purpose;
5. provide information on the sources on which records contained about the individual in the SIS are based, and on the method of processing;
6. provide information on the purpose of processing and the type of personal data being processed in the SIS, and all necessary explanations in this connection;
7. explain technical and logical-technical procedures of decision-making.

The application is filed in writing or orally for the record, with the:
Police, Ministry of the Interior
Štefanova 2
1501 Ljubljana, Slovenia

Telephone: +386 1 428 40 00  
Fax: +386 1 428 47 33
E-mail: gp.mnz(at)gov.si

The application may also be filled at all border crossing points, administrative units and Slovenian diplomatic and consular authorities abroad. The application is submitted to Police immediately.

The Police must enable the individual to consult, transcribe, copy and obtain a certificate no later than 15 days from the date of receipt of the request, or within the same interval to inform the individual in writing of the reasons for refusal.

The Police is obliged to supply the extract from subparagraph 3, the list from subparagraph 4, information from subparagraphs 5 and 6 and the explanation from subparagraph 7 to the individual within 30 days from the date he received the request, or within the same interval to inform him in writing of the reasons for refusal.

Likewise the individual’s right to consult personal data that relate to him may in Slovenia also be exceptionally restricted in accordance with the Article 36 of Personal data protection act by statute for reasons of protection of national sovereignty and national defence, protection of national security and the constitutional order of the state, security, political and economic interests of the state, the exercise of the responsibilities of the police, the prevention, discovery, detection, proving and prosecution of criminal offences and minor offences, the discovery and punishment of violations of ethical norms for certain professions, for monetary, budgetary or tax reasons, supervision of the police, and protection of the individual to whom the personal data relate, or the rights and freedoms of others. These restrictions may only be provided in the extent necessary to achieve the purpose for which the restriction was provided.

Information Commissioner is competent for deciding on the appeal of an individual when the request to consult personal data that relate to him was refused or the applicant was refused the answer to his application by the competent authority.

3. Right to correct and delete

Any person who establishes that data relating to him and stored in the filing system is inaccurate or unlawfully stored has the right to correct inaccurate data or to delete data collected contrary to satue. For SIS right to correct and delete data is governed in the Article 110 of the Schengen Convention.

Identity of information contained in data files of each national section of the SIS, enables any person to bring before the courts or the authority competent, an action to correct or delete data involving them in the territory of each contracting party. Country where the action was brought, entertains the proceedings regarding the right to correct and delete in accordance with national law.

Under the Article 106 of the Schengen Convention, only the contracting party issuing the alert is authorised to modify, add to, correct or delete data which it has entered.

If one of the contracting parties which has not issued the alert has evidence suggesting that an item of data is factually incorrect or has been unlawfully stored, it advises the contracting party issuing the alert. The issuing country is obliged to check the communication and, if necessary, correct or delete the item in question. In case the correction or deletion under national law of the issuing country is not possible, the issuing country immediately advises the country that received the application.

If the contracting parties are unable to reach agreement, the contracting party which did not issue the alert shall submit the case to the Joint supervisory authority.

4. Action to correct or delete data in Republic of Slovenia   
In Slovenia the right to have factually inaccurate or unlawfully stored data corrected or deleted is regulated by Personal data protection act and Information commissioner act.

In the conformity with Article 32 of the Personal data protection act Ministry of the Interior must on the request of an individual to whom personal data relate, supplement, correct, block or erase personal data contained in the SIS which the individual proves as being incomplete, inaccurate or not up to date, or that they were collected or processed contrary to statute .

The request or objection from Article 32 of this Act is lodged in writing or orally for the record with the Police, Ministry of the Interior. Costs relating to the supplementing, correction and erasure of personal data and of the notification and decision on the objection is borne by the data controller (i.e. Police, Ministry of the Interior).

In case Slovenia has not issued the alert and there are evidence suggesting that an item of data is factually incorrect or has been unlawfully stored, Police, Ministry of the Interior advises the contracting party issuing the alert to correct or delete the data.

Police, Ministry of the Interior is obliged to perform the supplementing, correction, blocking or deletion of personal data within 15 days of the date of receipt of the request, and to inform the person who lodged the request thereof, or within the same interval to inform him of the reasons why he will not do so. Otherwise the request is deemed to have been refused.

Individual who finds that his rights provided by the Personal data protection act have been violated may in line with Article 34 of the Act request judicial protection for as long as such violation lasts.

If the violation ceases, the individual may file a suit to rule that the violation existed if he is not provided with other judicial protection in relation to the violation.

The competent court decides in the procedure under the provisions of the statute regulating administrative disputes unless otherwise provided by the Personal data protection act.

The procedure is urgent and a priority, meaning that the court is obliged to carry out the procedure as soon as possible.

The procedure in which the court examines the suit is in principle not public. An individual may request the court to bind the data controller, until a final decision is issued in the administrative dispute, to prevent any kind of processing of the disputed personal data.
 
In the event damages have been inflicted to the individual, he is entitled to claim compensation according to statue.

Pravne informacije | Zasebnost | Kontakt
Oblikovanje in izdelava: Nova Vizija d.d.