Go to content

Manual border control

This privacy statement explains how the Royal Netherlands Marechaussee processes your personal data for border control performed by our border guards at the manual desks. Two IT systems are used for this purpose: the Border Control System (BCS) and the Border Crossing Decision Service (GPBS).

In principle, the General Data Protection Regulation (GDPR) applies to these data processing operations. If a criminal suspicion or alert arises during the control, the Police Data Act (Wpg) will apply.

At Schiphol, travelers of specific nationalities can also cross the border through the eGates of Self Service Passport Control (SSPC). For more information on data processing in that system, please refer to the SSPC privacy statement.

Data controller

The Royal Netherlands Marechaussee is responsible for carrying out border control in the Netherlands. It operates under the administration of the Ministry of Defence. Therefore, data processing during border control falls under the responsibility of the Minister of Defence. However, authority over border control tasks in the Netherlands rests with the Minister for Asylum and Migration.

What personal data do we process?

For border control in the BCS and GPBS, the Royal Netherlands Marechaussee processes the following personal data:

  • Personal data from your travel document (full name, date and place of birth, nationality, gender, height, signature, document reference number, citizen service number (BSN) or similar personal number, country of issue, and validity date).
  • Your (non-biometric) facial photo and an optical image of the travel document.
  • Any hits from queried police databases (police data under the Wpg).
  • For travellers requiring a visa: a biometric facial photo for facial comparison and the result, fingerprints, verification results from the Visa Information System (VIS), an entry/exit record, and the remaining free period of stay (or any overstay).
  • For travellers under the scope of the Entry/Exit System (EES): a biometric facial photo for facial comparison and the result, fingerprints, verification results from the EES, an entry/exit record, and the remaining free period of stay (or any overstay).
  • Any return decisions from the Schengen Information System (SIS-II).
  • Any notes made by the border guards.

Providing your personal data is mandatory if you wish to cross the Schengen border. Your personal data is processed for the performance of a task carried out in the public interest, specifically the execution of border control as mandated to the Royal Netherlands Marechaussee under Section 4(1)(f) of the Police Act 2012, Section 46(1)(a) of the Aliens Act 2000, and Article 8 of the Schengen Borders Code.

Any police data resulting from hits in queried databases are processed under Articles 8 and/or 9 of the Wpg.

For more information on the legal basis for data processing under the EES, please refer to the EES privacy statement.

How we use your personal data

Your personal data will be used for border control as required by the Schengen Borders Code. This includes verifying the authenticity and validity of your travel document and checking national and European police databases to determine if you appear in them.

Data from border crossings may also be used by the Royal Netherlands Marechaussee for intelligence purposes. This means we analyse data to help us carry out our legal duties as effectively as possible. These data are anonymised as much as possible by removing identifiable information such as names. A small percentage of these data may, in theory, remain indirectly identifiable for a time if a more extensive investigation has been conducted. However, these data will no longer be actively used for further person-related checks.

Your personal data will not be sold, leased, or used for any other commercial purposes. Your personal data will not be shared with third parties unless this is required or permitted by relevant legal provisions. This may be the case, for example, with hits in national or international police databases.

How we store and retain your personal data

The Royal Netherlands Marechaussee has taken appropriate technical and organisational measures to protect personal data in the BCS and GPBS border systems. We use an integrated security system that includes physical, informational, and personnel security measures. The full set of security measures is outlined in the Defence Security Policy.

Your personal data will be retained for a maximum of 24 hours after you cross the border, after which they will be destroyed.

If necessary for conducting a criminal investigation or any other police task, your personal data will be stored for longer than 24 hours in a separate system. The Police Data Act will apply to these data processing operations instead of the GDPR.

Additionally, anonymised data from the border systems may be retained for intelligence purposes for a longer period, specifically two years. A small percentage of these data may remain indirectly identifiable during that time.

Data processed for the EES will also be stored for a longer period in the central European system.

Processors

No external parties act as processors in the sense of the GDPR or Wpg with regard to data processing in the BCS and GPBS border systems.

Your rights

The Royal Netherlands Marechaussee aims to fully inform you of your rights regarding your personal data or police data. Each traveller has the following rights:

  • Right of access/disclosure — You have the right to request copies of your personal data.
  • Right to rectification — You have the right to request changes to personal data you believe are inaccurate or incomplete.
  • Right to erasure — You have the right to request the erasure of your personal data. This request will only be granted if the personal data was obtained unlawfully or improperly, or if the retention period has expired.
  • Right to restriction of processing — You have the right to request the restriction of the processing of your personal data. This request will only be granted if the personal data was obtained unlawfully or improperly.
  • Right to object — You have the right to object to the processing of your personal data. This request will only be granted if the personal data was obtained unlawfully or improperly.

Contact

If you have any questions about this privacy statement or the processing of your personal data, or if you wish to exercise the above rights, please contact us via the website or postal address below. The GDPR grants us a one-month period, extendable by another two months under certain conditions, to respond to your requests. For requests regarding police data, the Wpg provides a six-week period, extendable by another six weeks.

Website: marechaussee.nl/privacy

Postal address:
Ministry of Defence
Royal Netherlands Marechaussee
GDPR Coordinator or Wpg Officer
PO Box 20701
2500 ES, The Hague
Netherlands

Complaints: Supervisory authority

If you wish to file a complaint about the processing of your personal data or believe the Royal Netherlands Marechaussee has not properly handled a request, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Website: www.autoriteitpersoonsgegevens.nl
Email: info@autoriteitpersoonsgegevens.nl
Postal address:
Dutch Data Protection Authority
PO Box 93374
2509 AJ, The Hague
Netherlands

This statement was last updated on 29 August 2024.