Personal data protection

Personal data protection policy - National identity card and passport

The Ministry of the Interior and the Agence Nationale des Titres Sécurisés (National Agency for Secure Documents - ANTS) undertake that the processing of personal data carried out on the "pre-application system for passports and national identity cards" is in compliance with the General Data Protection Regulation (GDPR) and the French Law of 6 January 1978 known as the French Data Protection Act.

Data Protection Policy

Purpose of the processing

The provisions of Article 1 of the Order of 20 April 2016 authorising the creation of an online system intended for the pre-application and application for official documents stipulate that the Ministry of the Interior must implement automated processing of personal data intended for a pre-application for a passport or national identity card (SPD CNI PSP).

In order to simplify the administrative procedures for users, the Ministry of the Interior (the Department of Public Liberties and Legal Affairs) and the Agence Nationale des Titres Sécurisés (ANTS) have set up an online service for pre-applying for official documents. Once users have created an account on the website of the ANTS, they can access the online pre-application service for a national identity card (CNI) and/or a passport. The information and documents entered into the system enable users to have their application processed and tracked. However, this does not mean that users do not have to go to a collection point (usually a municipal office) in order to submit their application.

The online pre-application service for a passport or national identity card (SPD CNI PSP) limits the collection of personal data to what is strictly necessary for the purposes for which it is collected (the principle of minimising the data).

Data controller

The Minister of the Interior (the Department of Public Liberties and Legal Affairs- DLPAJ) and the ANTS are the joint data controllers responsible for the online pre-application service for a passport or national identity card (SPD CNI PSP).

Purposes of the processing

The purpose of the online pre-application service for a passport or national identity card (SPD CNI PSP) is to electronically collect the information needed to process applications for national identity cards and passports, as well as to produce and deliver them.

Legal basis for data processing

The online service is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the data controllers. The Ministry of the Interior is responsible for issuing identity and travel documents. The mission of the ANTS is to meet the needs of the government authorities for the design, management and production of secure documents and the data transmission associated with them. These documents are issued by the government and are subject to a secure production and verification procedure.

Users consent to their data being used for information purposes relating to their request.

Categories of data that must be processed:

- The data relating to the pre-applicant for a national identity card (CNI) and passport

- The supporting documents presented in support of the application

The personal data collected by the online pre-application service for a passport or national identity card (SPD CNI PSP) are stated in Article 5 of the Order of 20 April 2016 authorising the creation of an online system for pre-application and application for official documents.

Categories of data subjects

The data subjects are those persons who make a pre-application for a national identity card and/or a passport.

Data recipients

- The officials of the central departments of the Ministry of the Interior and the Ministry of Foreign Affairs who are responsible for applying the regulations relating to passports and national identity cards are individually designated and duly authorised by the Minister of the Interior or the Minister of Foreign Affairs;

- the personnel of the prefectures and sub-prefectures who are responsible for issuing passports and national identity cards are individually designated and duly authorised by the prefect;

- the municipal officials who are individually designated and duly authorised by the mayor;

- the personnel of the ANTS who are individually designated and specially authorised.

The retention period for the data

The personal data in the processing system of the pre-application service for a passport or national identity card (SPD CNI PSP) may not be kept for more than six months following the date on which the pre-application or application is validated by the user. These data and information are destroyed after 6 months. This period runs from the date of creation of the pre-application if it is never validated by the user, or from the date of validation.

The security measures

The security measures are all the technical and organisational measures taken to protect the personal data that is collected and processed against accidental or unlawful destruction, loss, alteration or unauthorised access or disclosure.

The personal data collected in connection with the services offered are processed in accordance with secure protocols and allow the ANTS to manage the requests received in its computer applications.

The security measures are implemented in accordance with the:

- Référentiel Général de Sécurité (General Security Reference Text), RGS 2.1, 06 October 2015

- Politique de Sécurité des Systèmes d’Information de l’Etat (PSSIE) (State Information System Security Policy), V 1.0, 17 July 2014

Transfer of data outside of the European Union (or the adoption of an automated decision)

Your data are not transferred outside of the territory of the European Union.

No automated decisions are taken by the services of the ANTS.

The exercise of your rights

In accordance with all of the regulations in force, you possess rights concerning your data.

For any information or to exercise your data protection rights concerning the processing of personal data managed by the Ministry of the Interior and the ANTS, to the exclusion of all other requests, you may contact its data protection delegate, enclosing a copy of your identity document (passport, identity card, residence permit or proof of identity issued via the France Identité application):

A right of access and to be informed:

The right of access may be exercised in accordance with the conditions provided for by Article 15 of the GDPR. You can make a request to find out what data we hold concerning you and obtain a copy.

You have the right to be informed at all times in a clear, transparent and understandable manner with regards to the processing carried out on your data.

A right to rectification:

Any data concerning you that is incomplete or erroneous may be modified at your request. You may also complete your data at any time by means of an additional declaration.

A right to erasure:

The right to erasure is applied under the conditions provided for by Article 17 of the GDPR.

The right to restrict the processing:

The right to restrict the processing is applied under the conditions provided for by Article 18 of the GDPR.

Exercise your rights

Contact details for the data controller who processes your requests

Agence nationale des titres sécurisés

BP 70474

18 rue Irénée Carré 08101 Charleville-Mézières Cedex

Contact details for the data protection officer

Ministère de l'intérieur

Délégué ministériel à la protection des données

Place Beauvau

75800 Paris Cedex 08

Filing a claim with the French National Data Protection Agency (the Commission nationale de l’informatique et des libertés) (the CNIL),

You may also file a claim with the CNIL:

Commission nationale de l'informatique et des libertés

3 place de Fontenoy

TSA 80715

75334 Paris Cedex 07

https://www.cnil.fr/fr/plaintes

Personal data protection policy – National identity card and passport

The Ministry of the Interior and the Agence Nationale des Titres Sécurisés (National Agency for Secure Documents - the ANTS) undertake that the processing of personal data carried out on the "system for secure electronic documents" is in compliance with the General Data Protection Regulation (GDPR) and the French Law of 6 January 1978 known as the French Data Protection Act.

Data Protection Policy

Purpose of the processing:

To allow a passport or national identity card to be issued, the applicant's personal data is collected and securely stored in an automated processing system known as the TES (Titres Électroniques Sécurisés - Secure Electronic Documents) established by the Ministry of the Interior (the Department of Public Liberties and Legal Affairs) and the ANTS, under the supervision of the French National Data Protection Agency (the Commission Nationale de l'Informatique et des Libertés), in compliance with the requirements of the Law No.78-17 of 6 January 1978 as amended, relating to information technology, files and freedoms (the French Data Protection Act), and Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR). The collection and recording of the applicant's personal data in the TES system is carried out in accordance with Article 6(1)(e) of the GDPR and within the regulatory framework set by Decree No. 2016-1460 of 28 October 2016 authorising the creation of a processing system for personal data relating to passports and national identity cards. The collection and recording of these data are necessary in order to issue the requested document(s).

Data Controllers:

The TES processing is the joint responsibility of the Department of Public Liberties and Legal Affairs (DLPAJ) of the Ministry of the Interior and the National Agency for Secure Documents (the ANTS), a public administrative body under the supervision of the Ministry of the Interior.

Purposes of the processing

The purposes of the TES processing are set out in Article 1 of Decree No. 2016-1460 of 28 October 2016 authorising the creation of a processing system for personal data relating to passports and national identity cards: this involves the preparation, issuance, renewal and invalidation of national identity cards and passports, the prevention and detection of falsifications and forgeries and combatting identity theft.

Legal basis for data processing

The processing is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the data controllers. The Ministry of the Interior is responsible for issuing identity and travel documents. The mission of the ANTS is to meet the needs of the government authorities for the design, management and production of secure documents and the data transmission associated with them.

Categories of data that must be processed

The data that must be kept in order to achieve the purposes of the TES processing are defined in Article 2 of Decree No. 2016-1460 of 28 October 2016 authorising the creation of a processing system for personal data relating to passports and national identity cards.

Article 2 of this Decree specifies that, in addition to the information necessary for managing the requests and the production of the documents, the following data are retained:

- civil status: family name, common name, first names, date and place of birth;

- the sex

- the colour of the eyes,

- the height

- domicile, residence or the home municipality;

- details of parentage (last names, first names, dates and places of birth, nationality of parents) ;

- where applicable, the document certifying the status of the legal representative if the holder of the document is a minor or an adult under guardianship;

- a digitised image of the signature of the person applying for the national identity card;

- the e-mail address and telephone number, if the applicant wishes to be kept informed of the availability of the document or in the case of a pre-application;

- a digitised image of the documents in the application file.

The digitised image of the face (photograph) and two fingerprints are also collected and recorded in the TES processing system. The receipt issued by the municipal official specifies which fingerprint has been recorded for each hand.

The processing system includes an automated mechanism for comparing the fingerprints collected with fingerprints already recorded in the system under the same identity, in order to authenticate the person requesting the document.

The retention of the data referred to in Article 2 of the Decree of 28 October 2016 is necessary for the purposes of the TES processing and, in particular, allows national identity cards and passports to be prepared, issued and renewed.

When you apply for your national identity card, you have the option of objecting to your fingerprints being stored in the TES processing system for more than 90 days after the date of issuing your card or, in the event of a decision to refuse to issue a card, for more than 90 days after your application has been rejected in the TES processing system.

You must be informed consequently, in accordance with Article 4-3 of Decree No. 55-1397 of 22 October 1955, that the fingerprints in the electronic component of your national identity card and your form refusing retention of your fingerprints in the TES processing system will be printed on paper and retained securely by the ANTS for a period of 15 years.

Categories of data subjects

The data subjects are those persons who make an application for a national identity card and/or a passport as well as the holders of national identity cards and/or passports.

Data recipients

Access to the TES processing system is reserved exclusively to:

- individually authorised officials of the Ministry of the Interior and the Ministry of Foreign Affairs, prefectures and consulates responsible for enforcing regulations and issuing passports and national identity cards;

- duly authorised agents of the ANTS (the National Agency for Secure Documents);

- with the exception of the digitised image of the fingerprints, duly authorised agents of the Ministry of the Interior responsible for international cooperation in the framework of Interpol and the Schengen Information System, as well as the agents referred to in Articles L. 222-1 and R. 222-1 of the French Internal Security Code.

Information relating to lost, stolen or invalidated documents is sent to the Schengen Information System, Interpol and the national document validity control file.

Important: if your card is reported lost or stolen, it will be permanently invalidated in the TES database. If you find a document that you declared lost or stolen, you must not use it but you must ask for it to be renewed or return it to the prefecture. As part of the TES processing operation, those responsible for the processing (the DLPAJ and the ANTS - see below) may have recourse to companies operating under data processing subcontractor contracts. The choice of these service providers and the performance of these contracts are carried out in strict compliance with the GDPR, and in particular its Article 28, in order to guarantee the protection of the rights of the data subjects.

Retention period for the data

Personal data are retained in the TES processing system for fifteen years following the date of issue of the document, or otherwise, following the date of registration of the application when the holder of the document is an adult. When the holder is a minor, this data is kept for ten years in the case of a passport and fifteen years in the case of a national identity card, following the date of issue of the document or otherwise, following the date of registration of the application.

Rights of the data subject

The right of access, the right of rectification and the right to limit data may be exercised with the authority responsible for issuing the documents under the conditions set out in Articles 15, 16 and 18 of the GDPR. The authority responsible for issuing the documents is the prefecture for the municipal office where you submitted your application for the document. In application of the provisions of Article 56 of the Law of 6 January 1978 (the French Data Protection Act) and Articles 21 and 23 of the GDPR, the right to object does not apply to TES processing.

Contact information for the data controllers

Ministère de l'intérieur

Direction des libertés publiques et des affaires juridiques

Place Beauvau

75800 Paris Cedex 08

donnees-personnelles-dlpaj@interieur.gouv.fr

Agence nationale des titres sécurisés

BP 70474

18 rue Irénée Carré 08101 Charleville-Mézières Cedex

Contact details for the data protection officer

Ministère de l'intérieur

Délégué ministériel à la protection des données

Place Beauvau

75800 Paris Cedex 08

Filing a claim with the French National Data Protection Agency (the Commission nationale de l’informatique et des libertés) (the CNIL),

The National Data Protection Agency designated by French law is the Commission Nationale Informatique et Liberté which you may contact in the event of a dispute in the exercise of your rights or if you believe that your claim concerns a violation of the French Data Protection Act:

Commission nationale de l'informatique et des libertés

3 place de Fontenoy

TSA 80715

75334 Paris Cedex 07

https://www.cnil.fr/fr/plaintes

Personal data protection

Personal data protection policy - National identity card and passport

Personal data protection policy – National identity card and passport

Suivez-noussur les réseaux sociaux

Suivez-nous
sur les réseaux sociaux