Data protection

1. Controller information

The European Border and Coast Guard Agency (Frontex), as an EU agency, is the data controller who collects and further processes personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (the “Data Protection Regulation”).

This Privacy Notice relates to the data processing activity that takes place during the pilot testing phase of the Quick Border Application from 15 to 18 April 2024 at the Schiphol Airport (the Netherlands).

Controller’s contact information:

●       Address: European Square 6, 00-844 Warsaw, Poland

●       E-mail: frontex@frontex.europa.eu

2. Data Protection Officer

If you have any query relating to processing of your data you may at any time consult Frontex Data Protection Officer (dataprotectionoffice@frontex.europa.eu).

3. Data collection and processing purposes

We collect your personal data directly from you, when you are the person using the Quick Border Application and filling out the border check-in questionnaire.

We may also collect your personal data indirectly, when you are a “co-traveller” and another person, authorized by you, fills out the border check-in questionnaire in the Quick Border Application on your behalf.

We process your personal data to test a mobile application - Quick Border Application - whose aim will ultimately be to facilitate cross-border flow of passengers arriving to the Schengen Area.

During the pilot testing phase of the Quick Border Application, we will process personal data of passengers arriving at the Schengen Area at the Schiphol Airport for the below listed specific purposes:

●       to confirm your identity using a biometric assessment (liveness check)
(legal basis: Article 10 par. 2 let. a of the Data Protection Regulation - your explicit consent)

●       to provide you with an electronic service in the form of the Quick Border Application      
(legal basis: Article 5 par. 1 let. c of the Data Protection Regulation - the processing is necessary for the performance of a contract to which you are a party)

●       to perform automatic monitoring of user activity (such as performance of different modules in the Quick Border Application; for example, success rates for passport reading and liveness detection) and to prepare anonymised statistics for research purposes. The monitoring will be carried out with the use of a tool approved by the European Commission - Dynatrace (legal basis: Article 5 par. 1 let. d – your consent).

4. Third parties

 Your personal data will be shared with the following recipients:

●       Provider of hosting services which enables the functioning of the Quick Border Application - NetCompany Intrasoft.

●       Providers of the biometric assessment services (liveness check) – InverID, Veriff and iProov.

5. Data transfers

With the exception in the following paragraph, your data will not be transferred outside the European Economic Area.

Authorised sub-processors (InverID and IProov) will process personal data in the UK. The UK is considered as providing adequate protection of personal data (Commission Implementing Decision (EU) 2021/1772).

6. Data subject rights

 You, as a data subject, have the right to:

a)     Access: You can request confirmation from us whether or not we are processing your personal data and information on purposes of processing, categories of personal data, the recipients of your personal data, the envisaged retention period, whether you can request rectification, erasure, restriction of processing or object to the processing of your personal data, the right to lodge a complaint with the European Data Protection Supervisor, the source of collection of data as well as whether there occurs automated decision-making, including profiling;

b)     Rectify: You can request rectification of inaccurate personal data so that we possess the correct information about you;

c)     Erase: In some circumstances, you can request that we erase your personal data that we collect and process, for example if your personal data is no longer necessary for achieving the purposes for which it is processed. You can delete your data from the Quick Border Application any time by deleting journey(s) from the Quick Border Application or removing the entire Quick Border Application from your mobile device. The data stored in Quick Border Application’s Backend are deleted after one (1) day since they are created;

d)     Restrict: In some circumstances, you can request us to restrict the processing of your personal data, for example if you contest the accuracy of your personal data;

e)     Data portability: In some circumstances, you can receive from us a copy of your personal data, that you have shared with us, in a structured, commonly used and machine-readable format so that you can use this information set for other purposes and, where technically feasible, to transmit those data to another controller. You may exercise this right by using “Export local data” function of the Quick Border Application under the “Settings” option and “Local data” submenu.;

f)       Withdraw consent: When we process your data based on your consent, you can withdraw your consent at any time by deleting journey(s) from the Quick Border Application or removing the entire Quick Border Application from your mobile device. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal will result in immediate deletion of the data from your Quick Border Application, but the data stored in Quick Border Application’s Backend will be deleted in 24 hours.

g)     Lodge a complaint: You can lodge a complaint with a supervisory authority - the European Data Protection Supervisor.

Automated decision-making or profiling will not take place during the pilot testing phase of the Quick Border Application.

7. Data retention

Your data is stored in your device until you delete them from the device or remove the Quick Border Application. Frontex will retain some data, e.g. travel itinerary information, Information whether you have: a reception certificate or an accommodation reservation, sufficient means of subsistence for the planned stay and medical insurance valid for the entire duration of the trip, a scanned picture of your passport, NFC chip reading of your passport and live facial image in the Quick Border Application’s Backend for no longer that one (1) day, and will delete them after this period.

8. Processed data categories

We will process the following data categories:

●       Mobile device ID,
●       PIN code (user defined),
●       Travel itinerary information, such as:
     ○       whether you are arriving in or departing from the EU/Schengen Zone,
     ○       airport of arrival at the Schengen Zone,
     ○       date of arrival or departure from the Schengen Zone,
●       Traveler information:
     ○       Information whether you possess a visa / residence permit / you are an EU national,
     ○       Information whether you have:
          ■       a reception certificate or an accommodation reservation,
          ■       sufficient means of subsistence for the planned stay,
          ■       medical insurance valid for the entire duration of the trip,
     ○       A scanned picture of passport,
     ○       NFC chip reading of passport,
     ○       Passport information, including:
          ■       First name,
          ■       Middle name,
          ■       Last name,
          ■       Country issuing the passport,
          ■       Birthdate,
          ■       Country of birth,
          ■       Expiration date of the passport,
          ■       Nationality,
          ■       Passport number,
          ■       Sex,
          ■       Document type,
          ■       Document subtype,
          ■       Image of biographical page (VIS Image),
     ○       Live facial image.

9. Final Provisions

The participation in the pilot project of the Quick Border Application and provision of personal data in it is voluntary. However, for the proper functioning of the Quick Border Application in a device provided by Frontex, you must set at least one pin code. If the app will be installed in your device you will need to set a pin code, use the password code that will be provided to you and use a direct link to download the app.

Introduction

Please read these Terms and Conditions (“Terms”) carefully before accessing or using this Quick Border Application (“App”) as they govern your access to and use of this App.

In these Terms, any use of the word “you”, “your” or similar expressions means any user of this App.

App provider

This App is provided by the European Border and Coastguard Agency (“Frontex”), headquartered at Plac Europejski 6, 00-844 Warsaw, Poland.

Conditions for conclusion and termination of the contract

By signing up for Quick Border Application, you agree to these Terms. If you do not agree to these Terms, then you must not access or use this App. By accessing and using this App, you:

-        accept and agree to be bound and comply with these Terms,

-        represent and warrant that you are the legal age of majority under applicable law to form a binding contract with the provider - the European Border and Coastguard Agency.

By accepting these Terms you thereby enter into a contract with Frontex. You can terminate this contract at any time by deleting the App from your system.

Voluntary use of the App

The use of this App is voluntary. It provides you with a possibility to submit your required entry information to the Border Control Point in advance of your arrival to the Schengen Area. The App is currently in the pilot phase (“Pilot Project”) and applies exclusively to arrival in the territory of Sweden.

If you do not want to use this App, please proceed with your documents directly to the Border Control Point. If you give your consent, facial recognition will be used to verify your identity when creating your traveller data in the App and/or when you cross the border in the selected Schengen Area country.

Types and scope of services provided

Frontex created this App to enable the pre-registration of travellers’ data. The context for this development is the upcoming European Entry/Exit System. This system, relevant across the Schengen Area of 27 European states, will introduce some new procedures and requirements. It will register a picture of the face of all travellers who need to register according to Schengen acquis coming for a short stay each time they cross an external border. As an automated IT system, it provides opportunities for technological innovation and travel facilitation. This App aims to ensure a quick, smooth and secure travel experience.

The Entry/Exit System will apply to third country nationals with a biometric passport, arriving in the Schengen Area for short stays. It will be relevant for both visa holders (i.e. Schengen visa holders coming as tourists) as well as visa-exempt travellers. In line with the eligibility criteria for registering in the Entry/Exit System, this App follows the same requirements. As you create the journey, you will be asked questions that allow determining what data you should submit.

The App is provided free of charge and as a part of a research project towards smoother, more comfortable, and more efficient identity verification for travellers with due respect for security and privacy. As a Pilot Project, the App provides a set of testing functionalities and it should be used only as indicated by the App.

All information collected will be kept strictly secure. Individual details will not be disclosed or identifiable from this mobile App and your data will remain within the App systems until you submit it to your selected border crossing.

If you are using this App to add more travellers (co-travellers) to one journey, you should make sure to receive the consent of your co-travellers to collect their data. The process of data acquisition and storage in the App should be done in the presence of the identity owners. If you are using this App to introduce the data of minors (under 18 years of age), you should be able to demonstrate that you are the legal guardian of the minors or have the relevant delegated permissions.

No guarantee of entry

The use of the App does not constitute any guarantee that the crossing at the selected destination is assured. The decision on your crossing will be taken by the relevant authorities on your processing by a border guard at the border crossing point. You must not provide information which you know or reasonably suspect to be false or misleading. Doing so could result in legal penalties.

Technical requirements

To use the App, you will need a mobile device with an up-to-date operating system and possibility to connect it to the Internet. Using the most recent version of the operating system available for download is recommended at all times. Certain functionalities may not be available in versions older than the most recent one. You will also need enough free space of memory to download and install the App, an NFC reader, a camera and an Internet connection for data transmission. The App will require you to provide your biometric passport.

Risks associated with using the App

The App is developed with high quality standards. Nonetheless, it is possible that you may experience some malfunctions or the App might not be able to provide you the expected service. Particular risks are related to revealing login details to unauthorised persons which may lead to leak of personal data or changes in configuration of the App. Travellers are obliged to keep their login details confidential.

The prohibition of providing unlawful content

You must access and use the App only for legal, authorised, and acceptable purposes. You will not use (or assist others in using) the App services in ways that violate, misappropriate (for example, impersonating someone), infringe the rights of others, are illegal, harassing, offensive, instigate or encourage illegal or inappropriate conducts or can provide misleading or incorrect data. You are required to keep your data accurate and up-to-date.

Amendments to Terms

Frontex does not foresee any amendments to these Terms during the Pilot Project.                     

Information, questions and complaints

You may contact Frontex, including filing a complaint, making inquiries regarding the use of the App or submitting ideas for improvement:

-        in writing to the address:

Frontex. Research and Innovation Unit
Plac Europejski 6, 00-844 Warszawa (Poland)

-        in an electronic form to the e-mail address:

questionnaire.pilot.project@frontex.europa.eu

A complaint should be submitted within 30 days from the date of occurrence of the circumstances giving rise to the complaint. It must include at least your name, surname and contact details (e.g. email address), a description of what the complaint is about and the suggested resolution method for the complaint. Frontex shall take and present its stand in the case within 14 days following the complaint receipt.

More information

Information on how your data is processed in connection with the use of the App is available in Privacy Notice. You can find the Data Privacy Policy and more general information relating to the Pilot Project of the App at frontex.europa.eu.