Go to content

Self Service Passport Control

This privacy statement explains how the Royal Netherlands Marechaussee processes your personal data if you choose to use Self Service Passport Control (SSPC). The SSPC system allows travellers to cross the border using facial comparison. The General Data Protection Regulation (GDPR) applies to data processing within the SSPC system.

Controller

The Royal Netherlands Marechaussee is responsible for carrying out border control in the Netherlands and operates under the management of the Ministry of Defence. Therefore, the data processing in SSPC is the responsibility of the Minister of Defence. However, authority over border control in the Netherlands lies with the Minister of Asylum and Migration.

What personal data do we process?

The Royal Netherlands Marechaussee processes the following personal data for automatic passport control:

  • Biometric personal data: This includes a passport photo from the travel document and a live facial photo for comparison. After the launch of the Entry Exit System (EES), fingerprints of third-country nationals who are visa-exempt and holders of an FTD passport may also be processed.

  • Personal data from the travel document: Full name, date and place of birth, nationality, gender, height, signature, document number, citizen service number (BSN) or a similar personal number, country of issue, and validity date.

  • For travellers under the scope of EES: Verification results with the EES and the remaining free stay period (or overstays).

How and on what legal basis do we obtain your personal data?

You provide your personal data to the Royal Netherlands Marechaussee in the SSPC eGates voluntarily. If you do not wish to provide biometric personal data, you can choose to cross the border via manual control without facial comparison. However, other personal data will still be required. For travellers under the scope of EES, after its launch, biometric data will also be mandatory at manual border control.

If you choose to cross the border via SSPC, your personal data will be processed due to the necessity for the fulfilment of a task of substantial public interest, namely carrying out border control as assigned to the Royal Netherlands Marechaussee under Section 4(1)(f) of the Police Act 2012, Section 46(1)(a) of the Aliens Act 2000, and Article 8 of the Schengen Borders Code.

What do we use your personal data for?

In SSPC, your personal data will be used for border control through facial comparison. An algorithm compares a live photo of your face with the photo in your travel document to verify your identity.

Your personal data are also used for all regular border control processes, as required by the Schengen Borders Code and the EES Regulation. This includes verifying the authenticity and validity of your travel document and checking national and European police databases.

Your personal data will not be sold, leased, or used for any other commercial purposes. Personal data will not be shared with third parties unless required or permitted by relevant legal regulations.

How and for how long do we store your personal data?

The Royal Netherlands Marechaussee has taken appropriate technical and organisational measures to protect your personal data. We use an integrated security system made up of physical, informational, and personnel security measures. The full set of security measures is detailed in the Defence Security Policy.

Your personal data will be stored for a maximum of 24 hours after you have crossed the border, after which they will be destroyed.

Personal data will only be stored for longer than 24 hours when necessary to carry out criminal investigations or other police tasks. In those cases, the Police Data Act applies instead of the GDPR.

Only in rare cases, personal data from SSPC will be stored for longer than 24 hours for research purposes to verify the correct and ethical functioning of the system’s algorithm. This only concerns the personal data strictly necessary for such research. In addition, this data will remain subject to the security measures of the Defence Security Policy and will be destroyed as soon as possible.

Personal data related to the EES are also stored longer in the central European system.

Processors

Personal data in SSPC may be processed by the following organisations on behalf of the Royal Netherlands Marechaussee. Processing agreements have been concluded with these organisations, obliging them to abide by the terms of the Royal Netherlands Marechaussee in accordance with this privacy statement:

  • Schiphol Netherlands B.V. (processor)
  • Vision-Box Soluçoes de Visao por Computador S.A. (sub-processor & supplier)

What are your rights?

The Royal Netherlands Marechaussee wishes to make you fully aware of your rights regarding your personal data. Each traveller has the following rights:

  • Right of access: You have the right to request copies of your personal data.
  • Right to rectification: You have the right to request changes to personal data that you consider inaccurate or incomplete.
  • Right to erasure: You have the right to request the erasure of your personal data. This request will only be granted if the personal data have been obtained unlawfully or improperly or if the retention period has expired.
  • Right to restriction of processing: You have the right to request the restriction of processing of your personal data. This request will only be granted if the personal data have been obtained unlawfully or improperly.
  • Right to object: You have the right to object to the processing of your personal data. This request will only be granted if the personal data have been obtained unlawfully or improperly.If you have any questions about this privacy statement or about the processing of your personal data, or if you want to exercise the above-mentioned rights, please contact us through the website below or by post. The GDPR allows us one month, which may be extended conditionally by two more months, to respond to your requests.

Contact

If you have any questions about this privacy statement or about the processing of your personal data, or if you want to exercise the above-mentioned rights, please contact us through the website below or by post. The GDPR allows us one month, which may be extended conditionally by two more months, to respond to your requests.

www.marechaussee.nl/privacy

Postal address:

Netherlands Ministry of Defence
Royal Netherlands Marechaussee
GDPR Coordinator
PO Box 20701
2500 ES, The Hague, Netherlands

Complaints to the supervisory authority

If you wish to complain about the processing of your personal data, or if you believe that the Royal Netherlands Marechaussee has not handled a request with regard to this correctly, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Website: www.autoriteitpersoonsgegevens.nl

E-mail: info@autoriteitpersoonsgegevens.nl

Postal address:

Dutch Data Protection Authority
PO Box 93374
2509 AJ, The Hague, Netherlands

This statement was last updated on 29 August 2024.