Data protection


Privacy notice: Quick Border Application

1. Controller information

The European Border and Coast Guard Agency (Frontex), as an EU agency, is the data controller who collects and further processes personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (the “Data Protection Regulation”).

Controller’s contact information:

●       Address: European Square 6, 00-844 Warsaw, Poland

●       E-mail: frontex@frontex.europa.eu

2. Data Protection Officer

If you have any query relating to processing of your data you may at any time consult Frontex Data Protection Officer (dataprotectionoffice@frontex.europa.eu).

3. Data collection and processing purposes

We collect your personal data directly from you, when you are the person using the Quick Border Application and filling out the border check-in questionnaire.

We may also collect your personal data indirectly, when you are a “co-traveller” and another person, authorized by you, fills out the border check-in questionnaire in the Quick Border Application on your behalf.

As part of the Quick Border App Pilot project an operational phase will be done with real travelers. The purpose of processing for Frontex is for research i.e. to test the use of the newly developed app with real travelers. This includes

● provision of the traveler with an electronic service in the form of the Quick Border Application,

● confirmation of the identity of the traveler using a biometric assessment (liveness check),

● performance of automatic monitoring of user activity (such as performance of different modules in the Quick Border Application; for example, success rates for passport reading and liveness detection) and to prepare anonymized statistics for research purposes. The monitoring will be carried out with the use of a tool approved by the European Commission.

● to support the Schengen Area border check-in procedure at the Stockholm Arlanda Airport and to provide your personal data to the border authority - Polismyndigheten (the Swedish Police Authority)

During the pilot testing phase of the Quick Border Application, we will process personal data of passengers arriving at the Schengen Area at the Stockholm Arlanda Airport for the below listed specific purposes:

 ●       to support the Schengen Area border check-in procedure at the Stockholm Arlanda Airport, including calculation of the duration of your authorised stay and to provide your personal data to the border authority - Polismyndigheten (the Swedish Police Authority) (legal basis: Article 5 par. 1 let. d of the Data Protection Regulation – your consent)

●       to confirm your identity using a biometric assessment (liveness check) (legal basis: Article 10 par. 2 let. a of the Data Protection Regulation - your explicit consent)

●       to provide you with an electronic service in the form of the Quick Border Application (legal basis: Article 5 par. 1 let. c of the Data Protection Regulation - the processing is necessary for the performance of a contract to which you are a party)

●       to perform automatic monitoring of user activity (such as performance of different modules in the Quick Border Application; for example, success rates for passport reading and liveness detection) and to prepare anonymised statistics for research purposes. The monitoring will be carried out with the use of a tool approved by the European Commission - Dynatrace (legal basis: Article 5 par. 1 let. d of the Data Protection Regulation – your consent)

4. Third parties

Your personal data will be shared with the following recipients:

- Polismyndigheten (the Swedish Police Authority). The Swedish Police Authority will act as a separate controller and will provide you with a separate privacy notice relating to its processing of your personal data. The said privacy statement is available below.

- Provider of hosting services (as processor) which enables the functioning of the Quick Border Application - NetCompany Intrasoft.

- Providers of the biometric assessment services (liveness check) – Inverid and iProov, as processors.

5. Data transfers

With the exception in the following paragraph, your data will not be transferred outside the European Economic Area.

Authorised sub-processors (NetCompany Intrasoft, InverID and IProov) will process personal data in the UK. The UK is considered as providing adequate protection of personal data (Commission Implementing Decision (EU) 2021/1772).

6. Data subject rights

You, as a data subject, have the right to:

a)     Access: You can request confirmation from us whether or not we are processing your personal data and information on purposes of processing, categories of personal data, the recipients of your personal data, the envisaged retention period, whether you can request rectification, erasure, restriction of processing or object to the processing of your personal data, the right to lodge a complaint with the European Data Protection Supervisor, the source of collection of data as well as whether there occurs automated decision-making, including profiling;

b)     Rectify: You can request rectification of inaccurate personal data so that we possess the correct information about you;

c)     Erase: In some circumstances, you can request that we erase your personal data that we collect and process, for example if your personal data is no longer necessary for achieving the purposes for which it is processed. You can delete your data from the Quick Border Application any time by deleting journey(s) from the Quick Border Application or removing the entire Quick Border Application from your mobile device. The data stored in Quick Border Application’s Backend are deleted after one (1) week since they are created;

d)     Restrict: In some circumstances, you can request us to restrict the processing of your personal data, for example if you contest the accuracy of your personal data;

e)     Data portability: In some circumstances, you can receive from us a copy of your personal data, that you have shared with us, in a structured, commonly used and machine-readable format so that you can use this information set for other purposes and, where technically feasible, to transmit those data to another controller. You may exercise this right by using “Export local data” function of the Quick Border Application under the “Settings” option and “Local data” submenu;

f)       Withdraw consent: When we process your data based on your consent, you can withdraw your consent at any time by deleting journey(s) from the Quick Border Application or removing the entire Quick Border Application from your mobile device. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (including transfer of your personal data to Polismyndigheten (the Swedish Police Authority). The withdrawal will result in immediate deletion of the data from your Quick Border Application, but the data stored in Quick Border Application’s Backend will be deleted in 7 days, and from the backup storage after another 7 days;

g)     Lodge a complaint: You can lodge a complaint with a supervisory authority - the European Data Protection Supervisor.

7. Data retention

Your data is stored in your device until you delete them from the device or remove the Quick Border Application. Frontex will retain some data. mobile device ID, travel itinerary information; Information whether you have: a reception certificate or an accommodation reservation, sufficient means of subsistence for the planned stay and medical insurance valid for the entire duration of the trip; a scanned picture of your passport; NFC chip reading of your passport and live facial image) in the Quick Border Application’s Backend for no longer that one (1) week, and will delete them after this period irrespective of the fact that you submit your data to the border authority via the Quick Border Application or not. 

8. Processed data categories

We will process the following data categories:

●       Mobile device ID,
●       PIN code (user defined),
●       Data related to setup of the application (activation code; information on permission to receive push notifications; fact of accepting the terms and conditions and acknowledging the privacy notice; fact of enabling biometrics from the mobile),
●       Technical information concerning the use of the document verification service (such as data on the device and on service usage, including the duration of the use of the service, activity in the service, IP address, domain name, software and hardware attributes, general geographic location (e.g. city, state, country)),
●       Travel itinerary information, such as:
     ○       whether you are arriving in or departing from the EU/Schengen Zone,
     ○       airport of arrival at the Schengen Zone,
     ○       date of arrival or departure from the Schengen Zone,
●       Traveler information:
     ○       Information whether you possess a visa / residence permit / you are an EU national,
     ○       Information whether you have:
          ■       a reception certificate or an accommodation reservation,
          ■       sufficient means of subsistence for the planned stay,
          ■       medical insurance valid for the entire duration of the trip,
     ○       A scanned picture of passport,
     ○       NFC chip reading of passport,
     ○       Passport information, including:
          ■       First name,
          ■       Middle name,
          ■       Last name,
          ■       Country issuing the passport,
          ■       Birthdate,
          ■       Country of birth,
          ■       Expiration date of the passport,
          ■       Nationality,
          ■       Passport number,
          ■       Gender information,
          ■       Document type,
          ■       Document subtype,
          ■       Image of biographical page (VIS Image),
     ○       Live facial image.

9. Final provisions

The participation in the pilot project of the Quick Border Application and provision of personal data in it is voluntary. However, for the proper functioning of the Quick Border Application, you must provide at least one pin code, while a password will be provided by the app developer. In order to complete the Schengen Area border check-in procedure, it is necessary to perform the confirmation of your identity using a biometric assessment. If you do not wish to provide any of your data in the Quick Border Application, or you do not wish to submit your data to the border authority via the Quick Border Application, you will be able to complete the border check-in procedure at the airport.

10. Fundamental rights

If you believe that your fundamental rights has been affected by the use of the app, please, you can make a complaint following the Complaints Mechanism.


Privacy notice: Swedish Police Authority

In this pilot project the Swedish Police Authority is data controller when processing your personal information after we have received the data from Frontex. The following personal data is processed: Mobile device ID, Travel itinerary information such as: whether you are arriving in or departing from the EU/Schengen Zone, airport of arrival at the Schengen Zone, date of arrival or departure from the Schengen Zone; Traveler information: Information whether you possess a visa / residence permit / you are an EU national; Information whether you have: a reception certificate or an accommodation reservation, sufficient means of subsistence for the planned stay, medical insurance valid for the entire duration of the trip; A scanned picture of passport; NFC chip reading of passport; Passport information, including: First name, Middle name, Last name, Country issuing the passport, Birthdate, Country of birth, Expiration date of the passport, Nationality, Passport number, Gender information, Document type, Document subtype, Image of biographical page (VIS Image), Live facial image. We process your data to carry out border checks and for the purpose of developing and testing a new technical solution for pre-registration of data and for processing and verification of facial images at border controls. The processing is necessary to perform a task carried out in the public interest according to article 6.1 e) in the General Data Protection Regulation (GDPR). We base the processing of your data on the Schengen Borders Code (EU Regulation 2016/399), EU Regulation 2017/2226, Aliens Act (2005:716) and Aliens Data Act (2016:27). Your data will be stored until you arrive at the border control and in any case no longer than 7 days. Only border control officers and a limited number of personnel at the Swedish Police Authority´s IT Department will have access to your data.

You have the right to access your personal data and to ask us to rectify information that is inaccurate. You also have the right to request us to erase your information and to restrict the processing of your information. Furthermore, you have the right to object to processing. If you wish to exercise any of these rights you may contact the Swedish Police Authority as data controller at registrator.kansli@polisen.se. The data protection officer of the Swedish Police Authority can be reached at dataskyddsombud@polisen.se. If you think that your personal data is processed incorrectly you can also file a complaint to the Swedish Authority for Privacy Protection at imy@imy.se.”


Terms and conditions

Introduction

Please read these Terms and Conditions (“Terms”) carefully before accessing or using this Quick Border Application (“App”) as they govern your access to and use of this App.

In these Terms, any use of the word “you”, “your” or similar expressions means any user of this App.

App provider

This App is provided by the European Border and Coast Guard Agency (“Frontex”), headquartered at Plac Europejski 6, 00-844 Warsaw, Poland.

Conditions for conclusion and termination of the contract

By signing up for Quick Border Application, you agree to these Terms. If you do not agree to these Terms, then you must not access or use this App. By accessing and using this App, you:

-        accept and agree to be bound and comply with these Terms,

-        represent and warrant that you are the legal age of majority under applicable law to form a binding contract with the provider - the European Border and Coast Guard Agency.

By accepting these Terms you thereby enter into a contract with Frontex. You can terminate this contract at any time by deleting the App from your system.

Voluntary use of the App

The use of this App is voluntary. It provides you with a possibility to submit your required entry information to the Border Control Point in advance of your arrival to the Schengen Area. The App is currently in the pilot phase (“Pilot Project”) and applies exclusively to arrival in the territory of Sweden.

If you do not want to use this App, please proceed with your documents directly to the Border Control Point. If you give your consent, facial recognition will be used to verify your identity when creating your traveller data in the App and/or when you cross the border in the selected Schengen Area country.

Types and scope of services provided

Frontex created this App to enable the pre-registration of travellers’ data. The context for this development is the upcoming European Entry/Exit System. This system, relevant across the Schengen Area of 27 European states, will introduce some new procedures and requirements. It will register a picture of the face of all      travellers who need to register according to Schengen acquis coming for a short stay each time they cross an external border. As an automated IT system, it provides opportunities for technological innovation and travel facilitation. This App aims to ensure a quick, smooth and secure travel experience.

The Entry/Exit System will apply to third country nationals with a biometric passport, arriving in the Schengen Area for short stays. It will be relevant for both visa holders (i.e. Schengen visa holders coming as tourists) as well as visa-exempt travellers. In line with the eligibility criteria for registering in the Entry/Exit System, this App follows the same requirements. As you create the journey, you will be asked questions that allow determining what data you should submit.

The App is provided free of charge and as a part of a research project towards smoother, more comfortable, and more efficient identity verification for travellers with due respect for security and privacy. As a Pilot Project, the App provides a set of testing functionalities and it should be used only as indicated by the App.

All information collected will be kept strictly secure. Individual details will not be disclosed or identifiable from this mobile App and your data will remain within the App systems until you submit it to your selected border crossing.

If you are using this App to add more travellers (co-travellers) to one journey, you should make sure to receive the consent of your co-travellers to collect their data. The process of data acquisition and storage in the App should be done in the presence of the identity owners. If you are using this App to introduce the data of minors (under 18 years of age), you should be able to demonstrate that you are the legal guardian of the minors or have the relevant delegated permissions.

No guarantee of entry

The use of the App does not constitute any guarantee that the crossing at the selected destination is assured. The decision on your crossing will be taken by the relevant authorities on your processing by a border guard at the border crossing point. You must not provide information which you know or reasonably suspect to be false or misleading. Doing so could result in legal penalties.

Technical requirements

To use the App, you will need a mobile device with an up-to-date operating system and possibility to connect it to the Internet. Using the most recent version of the operating system available for download is recommended at all times. Certain functionalities may not be available in versions older than the most recent one. You will also need enough free space of memory to download and install the App, an NFC reader, a camera and an Internet connection for data transmission. The App will require you to provide your biometric passport.

Risks associated with using the App

The App is developed with high quality standards. Nonetheless, it is possible that you may experience some malfunctions or the App might not be able to provide you the expected service. Particular risks are related to revealing login details to unauthorised persons which may lead to leak of personal data or changes in configuration of the App. Travellers are obliged to keep their login details confidential, not sharing the personal PIN code that protects data in the app.

The prohibition of providing unlawful content

You must access and use the App only for legal, authorised, and acceptable purposes. You must not use (or assist others in using) the App services in ways that violate, misappropriate (for example, impersonating someone), infringe the rights of others, are illegal, harassing, offensive, instigate or encourage illegal or inappropriate conducts or can provide misleading or incorrect data. You are required to keep your data accurate and up-to-date.

Amendments to Terms

Frontex does not foresee any amendments to these Terms during the Pilot Project.                     

Information, questions and complaints

You may contact Frontex, including filing a complaint, making inquiries regarding the use of the App or submitting ideas for improvement:

-        in writing to the address:

Frontex Research and Innovation Unit
Plac Europejski 6, 00-844 Warszawa (Poland)

-        in an electronic form to the e-mail address: questionnaire.pilot.project@frontex.europa.eu

A complaint should be submitted within 30 days from the date of occurrence of the circumstances giving rise to the complaint. It must include at least your name, surname and contact details (e.g. email address), a description of what the complaint is about and the suggested resolution method for the complaint. Frontex shall take and present its stand in the case within 14 days following the complaint receipt.

More information

More general information relating to the Pilot Project of the App and information on how your data is processed in connection with the use of the App is available in Privacy Notice (above).