Right of access regarding SIS data
Everyone can request access, rectification and deletion of their personal data in the SIS
Each person has the right to access to the data relating to him recorded in the SIS and may request the correction of inaccurate data and the deletion of unlawfully recorded data.
The request for access must be submitted to the Sirene Bureau
Ministry of the Interior
Bundeskriminalamt, Sirene Österreich
Josef Holaubek Platz 1
Please note: According to § 26 Data Protection Act 2000 (DSG 2000) – and in order to prevent misuse – you have to prove your identity to the controller. Therefore, the request for access has to be signed and a copy of an official document, e.g. a passport, has to be enclosed. The request for access has to be in writing and can also be sent by fax. However, telephone requests as well as E-Mail requests are not being answered.
Please consult the website of the Federal Ministry of the Interior (www.bmi.gv.at) for further information on the handling of requests for access by the Federal Ministry.
However, information shall not be communicated to the data subject if this is indispensable for the performance of a lawful task in connection with an alert or for the protection of the rights and freedoms of third parties. With regard to the rights to correction and deletion, the data subject shall be informed as soon as possible which measures were taken.
If the controller does not (fully) provide the relevant information within eight weeks the applicant can lodge a complaint with the Austrian Data Protection Authority in accordance with § 31 par. 1 DSG 2000. This also applies if the controller has not (sufficiently) corrected or deleted the data. A complaint must be filed in German. However, claims for compensation are to be asserted in court.
The Austrian Data Protection Authority as national supervisory authority of Austria also monitors independently the lawfulness of the processing of personal SIS data in Austria and their transmission from Austria. It ensures that an audit of the data processing operations in the national SIS system is carried out at least every four years.
The European Data Protection Supervisor checks that the personal data processing activities of the Management Authority are carried out in accordance with this Regulation. Furthermore, he ensures that an audit of the Management Authority's personal data processing activities is carried out at least every four years. A report of such audit is sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities.
The National Supervisory Authorities and the European Data Protection Supervisor cooperate actively. They exchange relevant information, support each other, and meet each other at least twice a year.