Personal data protection officer

Pursuant to Article 20 of the Foreign Affairs Act (“Official Gazette”, Nos. 48/1996, 72/2013 and 127/2013) and Article 18a of the Personal Data Protection Act (“Official Gazette”, Nos. 103/2003, 118/2006, 41/2008 and 113/2011 and 106/12-consolidated text), the Ministry of Foreign and European Affairs has appointed a personal data protection officer.

The data protection officer shall have at least the following tasks:
  • to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
  • to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
  • to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
  • to cooperate with the supervisory authority;
  • to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.


The Visa Information System (VIS) is a central IT-system for all Schengen-countries.
The main purpose of the Visa Information System (VIS) is improving the implementation of the common visa policy, consular cooperation and consultation between central visa authorities by facilitating the data exchange between Member States on visa applications and related decisions, in order to facilitate the visa application procedure, to prevent “visa shopping”, to facilitate the fight against fraud and to facilitate checks at external border crossing points and within the territory of the Member States. The VIS assists in the identification of any person who may not, or may no longer, fulfil the conditions for entry to, stay or residence on the territory of the Member States. The VIS also establish the criteria and mechanism for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national and mechanism where visas for stays up to 90 days (type C), are requested.
The system contains personal information of persons who apply for a short-stay Schengen-visa. Collecting your personal data as required by the standardized Schengen application form, taking your photograph and your fingerprints are mandatory for your visa application to be assessed. Failure to provide such data results in the application being inadmissible.

VIS info flyer 

The legal basis for collecting and processing your personal data is set out in Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code) and Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation).
Data is shared with the relevant authorities of the EU Member States and processed by those authorities for the purpose of deciding on your visa application.  Your data and the data concerning the decision taken on your application or a decision to annul, revoke or extend an issued visa will be entered and stored in the Visa Information System (VIS) for a maximum period of five years, during which time it will be accessible to the visa authorities and the authorities competent for carrying out checks on visas at external borders and within the Member States, immigration and asylum authorities in the Member States for the purposes of verifying whether the conditions for the legal entry, stay and residence in the territory of the Member States are fulfilled, identifying persons who do not or who no longer fulfil these conditions, examining an asylum application and determining responsibility for such examination. Under certain conditions the data will also be available to designated authorities of the Member States and to Europol for the purpose of prevention, detection and investigation of terrorist offences and of other serious criminal offences. Your personal data might also be transferred to third countries or international organizations for the purpose of proving the identity of third-state nationals, including for the purpose of return. Such transfer may only take place under certain conditions laid down in Article 31 of Regulation (EC) No 767/2008 (VIS Regulation).
VFS Global processes personal data on behalf of the Ministry of Foreign and European Affairs of the Republic of Croatia and is bound by standard contractual clauses (Commission Decision 2010/87/EU) for ensuring the same standard of personal data protection as the Ministry of Foreign and European Affairs of the Republic of Croatia under the General Data Protection Regulation (Regulation (EU) 2016/679).
According to Articles 15 to 19 of Regulation (EU) 2016/679 (General Data Protection Regulation) and Article 38 of Regulation (EC) No 767/2008 (VIS Regulation), you are entitled to access  your personal data, to have a copy of it  and to the information about which Member State transmitted it to the VIS. You are also entitled to have your personal data that is inaccurate or incomplete, corrected or completed, the processing of your personal data restricted under certain conditions, and to have your personal data that were processed unlawfully, erased.
The authority in charge of processing the data collected in visa procedures is the Ministry of Foreign and European Affairs of the Republic of Croatia. You may address your request for access, rectification, restriction or erasure to the Personal Data Protection Officer.
Request for Access, Correction and /or Deletion of Personal Data processed in the Visa Information System (VIS) 
Please send the filled-in form directly to the Ministry of Foreign and European Affairs of the Republic of Croatia or send it by e-mail:

Personal Data Protection Officer
Trg N. Š. Zrinskog 7-8, 1000 Zagreb, Croatia
Telephone: 00385 1 4597 429
If you consider that your data have been unlawfully processed you are also entitled to file a complaint with the national supervisory authority in the Republic of Croatia at any time:
Selska cesta 136,
10 000 Zagreb, Croatia
Telephone 00385 (0)1 4609 000, Fax 00385 (0)1 4609-099,

An appeal against the decision of the Agency is not admissible, but an action may bring an administrative dispute before the competent administrative court.
Avenija Dubrovnik 6, 10020 Zagreb
Phone: + 385 1 6011 326 or + 385 1 6011 336
Fax: +385 1 6011 300