česky  english  中文 

Advanced search

Personal Data Processing and Its Protection

Personal data processing and protection at the Ministry of Foreign Affairs of the Czech Republic

The Ministry of Foreign Affairs of the Czech Republic (MFA) processes and protects personal data in accordance with the applicable legislation.

The MFA’s responsibilities in this area are set out in the General Data Protection Regulation (GDPR) and the Personal Data Protection Act.

1. What kind of personal data does the MFA process?

The meaning of the term “personal data” is defined in the relevant legislation. The extent of personal data processed for different purposes may vary. Normally, the extent of the data that you will have to provide is evident e.g. from the form to be filled in for the given purpose.    

Personal data include, in particular:

  • Academic degree/title
  • Name and surname
  • Permanent residence address
  • Date of birth or personal identification number, if required
  • Numbers of presented documents
  • Telephone numbers and email address

2. What is the legal basis for personal data processing at the MFA?

In most cases, the MFA processes personal data on the following legal basis:

  • the necessity for compliance with the legal obligation to which the MFA is subject to,
  • the necessity for the performance of a task carried out in the public interest or in the exercise of official authority vested in the MFA,  
  • the necessity for performance of a contract to which the MFA is party or in order to take steps at the request of the data subject prior to entering into a contract.

Personal data are processed to the extent and for the time necessary for fulfilling the given purpose. The MFA must not keep them for longer than necessary for the purpose; in any case, the retention period must not exceed the time limit set in the relevant legislation. In cases where personal data are processed for purposes relating to a contract, the MFA can keep the data only for as long as necessary for the performance of the contract or until the rights and obligations resulting from the contract are finally settled.

In cases where the above legal basis does not apply, the MFA must obtain from the data subject a declaration of consent to the processing of personal data. The declaration states the purpose and the time for which consent is given (such declarations are required, for example, from travellers registering in the DROZD consular database).

3. Which of the MFA’s services to the public involve personal data processing?

The services involving data processing operations include, in particular:

Visas (visa applications, visa archives, visa appeals, visa appointment system, special visa schemes for Ukraine, the Philippines, Mongolia, students, and agricultural workers)

Consular matters (emergency assistance to travellers, consular assistance, legal assistance and service of documents, register of arrested and imprisoned Czech nationals,  database of consular cases, database of recipients of non-refundable financial aid, sale of foreign currency, DROZD database)

Human resources and payroll activities (selection procedures, locally hired staff, internships)

Security (including security camera footages)

Public and economic diplomacy projects and agreements, development programmes


Records kept at diplomatic missions (nationality, birth registers, arms waybills, inheritance matters, special electoral rolls, and poll card records)

4. What are my rights in relation to personal data processing at the MFA?

Each person who has provided his or her personal data has the right of access to his or her personal data collected and processed by the MFA, including information on the purpose of processing, the categories of personal data, and the period for which the personal data are stored. If you learn (or believe) that personal data processing at the MFA violates your privacy or that it is inconsistent with law (e.g. that the MFA has recorded your personal data inaccurately), you have the right to obtain an explanation and to have your data corrected or erased, or to restrict their processing. You also have the right to object and to lodge a complaint with the Office for Personal Data Protection.

5. How can I withdraw my consent?

When processing is subject to your consent, you may refuse to give your consent or you may withdraw it at any time. To withdraw the consent, follow the procedure through which you have given it.

6. What are the rules for transferring personal data abroad?

The MFA is authorized to transfer personal data to third countries and international organizations, subject to compliance with the GDPR (especially subject to the existence of a valid legal basis for the transfer). There is no rule restricting or banning free movement of personal data within the EU with reference to protection of natural persons. However, transfers of personal data to countries outside the EU are subject to additional requirements under the GDPR.

7. How do I contact the MFA about personal data protection?

The MFA has a data protection officer as required by the GDPR. The officer is in charge of data protection at the MFA, at Czech diplomatic missions.

Contact details:

Telephone:        00420 22418 2329

Cell phone:        00420 737 206 669

Email:                 poverenec@mzv.cz