Right of access regarding VIS data
Everyone can request access, rectification and deletion of their personal data in the VIS
Each person has the right to access to the data relating to him recorded in the VIS and may request the correction of inaccurate data and the deletion of unlawfully recorded data.
The request for access must be submitted to the Federal Ministry of the Interior
Bundesministerium für Inneres
Please note: According to § 26 Data Protection Act 2000 (DSG 2000) – and in order to prevent misuse – you have to prove your identity to the controller. Therefore, the request for access has to be signed and a copy of an official document, e.g. a passport, has to be enclosed. The request for access has to be in writing and can also be sent by fax. However, telephone requests as well as E-Mail requests are not being answered.
Please consult the website of the Federal Ministry of the Interior (www.bmi.gv.at) for further information on the handling of requests for access by the Federal Ministry.
With regard to the rights to correction and deletion, the data subject shall be informed as soon as possible which measures were taken.
If the controller does not (fully) provide the relevant information within eight weeks the applicant can lodge a complaint with the Datenschutzbehörde in accordance with § 31 par. 1 DSG 2000. This also applies where the controller has not (sufficiently) corrected or deleted the data. A complaint must be filed in German. However, claims for compensation are to be asserted in court.
The Datenschutzbehörde as national supervisory authority of Austria also monitors independently the lawfulness of the processing of personal VIS data in Austria and their transmission from Austria. It ensures that an audit of the data processing operations in the national VIS system is carried out at least every four years.
The European Data Protection Supervisor checks that the personal data processing activities of the Management Authority are carried out in accordance with this Regulation. Furthermore, he ensures that an audit of the Management Authority's personal data processing activities is carried out at least every four years. A report of such audit is sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities.
The National Supervisory Authorities and the European Data Protection Supervisor cooperate actively. They exchange relevant information, support each other, and meet each other at least twice a year.