Visa

Short-stay visa applications for the following reasons must be submitted to the competent embassy or consulate:

• Tourism, business travel, family visits
• Studies, participation in cultural or sporting events
• Medical reasons
• Humanitarian reasons

If you plan to travel to Luxembourg, you must submit your visa application to the Luxembourg embassy or consulate responsible for your place of residence.

In some countries, these diplomatic missions collaborate with external service providers to handle visa applications. Detailed information on how to submit a visa application is available on the website of the relevant diplomatic mission.

To identify the appropriate diplomatic mission, consult the official list of Luxembourg embassies and consulates.

-          Representation by another Schengen State

In countries where Luxembourg does not have a diplomatic representation, another Schengen Member State may act on its behalf. This state will handle the reception and processing of short-stay visa applications (up to 90 days).

You can find the list of countries where this applies at the bottom of the page titled “Find a diplomatic or consular mission by country” on the website of the Ministry of Foreign and European Affairs.

-          Long-Stay Visa

Applications for long-stay visas (over 90 days) are always processed by a Luxembourg or Belgian diplomatic or consular post, depending on the applicant’s country of residence.

Please note that short-stay visa applications submitted to another Schengen Member State representing Luxembourg are processed exclusively by that State. For any inquiries or follow-up, you must contact the consular services of that country directly.

If your application was submitted to a Luxembourg or Belgian diplomatic or consular post, you may contact:

• The relevant embassy, or
• The Visa Department at: service.visas@mae.etat.lu

Visa applications are generally processed within 15 calendar days from the date of submission. However, if additional supporting documents are required, the processing time may be extended up to 45 days.

It is strongly recommended to submit a complete application from the outset. A well-prepared file should include all necessary documents and information to allow the authorities to verify that the conditions for entry and stay in Luxembourg are met.

If your application was submitted to a Luxembourg or Belgian consulate, additional documents provided after submission may still be considered. In such cases, please contact the relevant embassy or the Visa Department at the email address above.

However, if your application was submitted to another Schengen Member State representing Luxembourg, documents submitted after the initial application are generally not accepted. You must contact the consular services of the representing State directly.

Notification of Visa Decision

If you reside abroad, the decision regarding your visa application will be communicated to you by the embassy or consulate where you submitted your application.

If your short-stay visa application is refused, you have the option to submit an administrative appeal. This appeal must be presented as a formal letter, manually signed by the applicant.

The appeal must be submitted within three months from the date of notification of the refusal. If submitted after this deadline or without a signature, the appeal will be considered inadmissible and will not be reviewed.

If your application was submitted to a Luxembourg or Belgian consulate, you may send your appeal to:

Ministry of Foreign and European Affairs, Defence, Cooperation and Foreign Trade
Passport, Visa and Legalisation Office
service.visas@mae.etat.lu
6, rue de l'Ancien Athénée, L-1144 Luxembourg

If your application was submitted to another Schengen Member State representing Luxembourg, you must send your appeal directly to the consular services of that State, following the instructions provided in the refusal notification.

A refusal decision may also be subject to a legal appeal before the Administrative Tribunal. A lawyer has to introduce the appeal within 3 months after the notification of the refusal decision. The rules on appeal against decisions on refusal/annulment/revocation of a visa are set out in “Loi du 21 juin 1999 portant règlement de procédure devant les juridictions administratives (Mémorial A n°98 du 26 juillet 1999)”. 

The Passport, Visa and Legalisation Office (BPVL) may exceptionally authorize an extension of a short-stay visa if the applicant can justify one of the following:

• Serious personal reasons
• Force majeure (e.g. natural disaster, strike, flight cancellation)
• Humanitarian reasons (e.g. illness, death of a close relative)

An extension of a Type C short-stay visa (valid for up to 90 days) is only possible within Luxembourg, provided that:

• The original visa duration has not been exceeded
• The 90 days within 180 days rule is respected
• The request is submitted before the visa expires

The request must be sent to the Visa Department at service.visas@mae.etat.lu and include the following documents:

• A copy of your passport (including identification page, visa, entry and exit stamps)
• A motivated letter explaining the reasons for the extension request
• Supporting documents proving the existence of serious personal reasons, force majeure, or humanitarian grounds (e.g. medical certificate, proof of cancelled transport)

If you wish to stay in Luxembourg beyond 90 days within a 180-day period, you must contact the General Department of Immigration at the Ministry of Home Affairs.

The Passport, Visa and Legalisation Office is not competent to regularize stays beyond the legal limits.

Any request for a short-stay visa extension submitted after the visa has expired or outside the legal conditions will not be accepted.

In certain situations, nationals of countries subject to visa requirements whose residence permit is expiring without the possibility of renewal may wish to extend their stay. To remain legally in the Schengen Area after the expiration of their residence permit, they must apply for a short-stay visa.

The short-stay visa application (for reasons such as tourism, business, or family visits) may be submitted to Luxembourg diplomatic missions if:

• The residence permit is still valid (at least 15 days before its expiration);
• The purpose of the short stay is clearly defined and proven to comply with the rules of the Visa Code.

The applicant must demonstrate that they meet the entry conditions for the Schengen Area. Therefore, they must present a set of documents related to the purpose of their trip, accommodation, financial means, and medical coverage. They must also provide guarantees that they will return to the country where they reside at the end of their stay.

Short-stay visa applications will not be accepted if the objective is to settle in another Schengen country. In such cases, you must contact the competent authorities of the relevant Member State directly.

Any third-country national wishing to make a short stay in Luxembourg (maximum 90 days within 180 days) must prove that they have sufficient means of subsistence for the duration of the stay and for their return.

The sponsorship commitment is a document through which a guarantor residing in Luxembourg undertakes to cover the costs of the foreign national’s stay, healthcare, and return. It is recognized as proof of financial means if approved by the Ministry of Foreign and European Affairs, Defence, Cooperation and Foreign Trade.

A foreign national who does not have sufficient personal means of subsistence, or who cannot provide valid proof of resources, may rely on a sponsorship commitment. This document, signed by a guarantor and accepted by the Luxembourg authorities, serves as proof that the applicant has sufficient means of subsistence, whether for a visa application to enter the Schengen Area or when crossing its external borders.

Key Points:

• The sponsorship commitment is valid for six months from the date of approval, during which the foreign national must use it;
• It does not guarantee the issuance of a visa;
• It is free of charge;
• If approved, it can be used for only one trip;
• The guarantor is released from the commitment if they provide proof that the foreign national has left the Schengen Area.

You can find the sponsorship commitment form for a short-stay visa here.

Documents to be provided by the guarantor:

• Luxembourg nationals: a copy of the passport data page or identity card;
• EU citizens: a copy of the passport data page or identity card and the certificate of permanent residence;
• Third-country nationals: a copy of the passport data page and residence permit;
• The last three payslips (or any other document proving monthly income) of the guarantor and/or any other additional monthly income, and, if applicable, proof of financial assistance, without recourse to the social assistance system;
• A copy of the passport data page of the person being sponsored.

Procedure:

1. The guarantor has their signature legalized at their local municipality.
2. They send the form and required documents to the Ministry of Foreign and European Affairs, Defence, Cooperation and Foreign Trade at the following address:
   Directorate of Consular Affairs and International Cultural Relations
   Passport, Visa and Legalisation Office
    6, rue de l’Ancien Athénée, L-1144 Luxembourg
3. Once the sponsorship commitment is approved, a certified copy is issued to the guarantor with a note of favorable opinion.

Information on the processing of personal data

The collection of personal data required for all visa applications, including photographs and fingerprints, is compulsory for the examination of a visa application. Failure to provide this information will result in the application being declared inadmissible.

The responsible authorities

Ministère des Affaires étrangères et européennes,
de la Défense, de la Coopération et du Commerce extérieur
Bureau des Passeports, Visas et Légalisations
6 Rue de l’Ancien Athenée
L-1144 Luxembourg
service.visas@mae.etat.lu

Data protection officer: dataprotection.mae@mae.etat.lu

The legal basis

The legal basis for the collection and the processing of personal data is set out in Regulation (EC) 767/2008 (VIS Regulation), Regulation (EU) 2019/1155 amending Regulation (EC) 810/2009 establishing a Community Code on Visas (Visa Code) and Council Decision 2008/633/JHA.

The processing of personal data

The data will be shared with the competent authorities of the Schengen Member States [1] and processed by these authorities for the purposes of decision-making on a visa application.

Data and information relating to the decision taken on an application, whether to annul, revoke or extend an existing visa, will be entered and stored in the Visa Information System (VIS) for a maximum period of five years, during the course of which they will be accessible to the visa authorities and to the authorities responsible for carrying out visa checks at the external borders and within the Member States, to immigration and asylum authorities in the Member States, in order to check whether the conditions for entry, stay and legal residence on the territory of the Member States are fulfilled, to identify persons who do not meet or no longer meet these conditions, to examine an asylum application and to determine responsibility for this examination.

Under certain conditions, the data will also be made available to the designated authorities of the Member States and to Europol for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences.

Third countries and international organisations

Personal data may also be transferred to third countries or international organizations in order to verify the identity of third-country nationals, including for return purposes. Such transfers only take place under certain conditions [2]. You can contact the authority responsible for data processing to obtain further information on these conditions and how they are met in your particular case.

Transparency and rights of the data subject

Under the General Data Protection Regulation [3] and the VIS Regulation [4], you have the right to obtain access to your personal data, including a copy thereof, as well as the identity of the Member State that transmitted it to the VIS. You also have the right to have inaccurate or incomplete personal data corrected or completed, to have the processing of your personal data restricted under certain conditions, and to have personal data that has been processed unlawfully deleted.

You may address your request for access, rectification, restriction or erasure directly to the authority responsible for processing the data. Further details on how you may exercise these rights, including the related remedies according to the national law of the State concerned, are available on its website and can be provided upon request.

You may also address your request to any other Member State. The list of competent authorities and their contact details is available at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-lu

Lodge a complaint

You are also entitled to lodge at any time a complaint with the national data protection authority of the Member State of the alleged infringement, or of any other member State, if you consider that your data have been unlawfully processed. 

The data protection authority of Luxembourg is:

National Commission for Data Protection (CNPD), 15 Boulevard du Jazz, L-4370 Belvaux
Phone: (+352) 26 10 60 – 1

Web contact: https://cnpd.public.lu/en/support/contact.html
Website: https://cnpd.public.lu/en/commission-nationale.html

[1]  Austria, Belgium, Bulgaria, Croatia, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Rumania, Slovakia, Slovenia, Spain, Sweden and Switzerland.

[2] Article 31 of Regulation (EC) 767/2008 (VIS Regulation)

[3] Article 15 to 19 of Regulation (EU) 2016/679 (GDPR)

[4] Article 38 of Regulation (EC) 767/2008 (VIS Regulation)

The Visa Information System (VIS) is a system for exchanging data on short-stay visas between Schengen states. The main objectives of the VIS are to facilitate visa application procedures and external border controls, and to enhance the security of the Schengen area.

The aim of the global VIS introduction process is to provide applicants with greater protection against identity theft, and to prevent document fraud and the practice of "visa shopping". Fingerprints are widely used in the EU as one of the most secure means of identification. The use of biometric data to identify a visa holder is a faster and more precise way of identifying a visa holder by the border police.

The VIS incorporates a central database, a national interface in each Schengen state, and a communication infrastructure between the central database and the national interface. The VIS is linked to the national visa systems of all the Schengen States via the national interfaces, enabling the competent authorities in the Schengen States to process data on visa applications and on visas either issued, refused, annulled, revoked or extended.

The VIS consists of two systems: the VIS database, which conducts alphanumeric searches, and the Automated Fingerprint Identification System (AFIS), which compares fingerprints received with the database and returns a positive or negative response, including any matches.

The main central VIS is located in Strasbourg (France) and a back-up central VIS, capable of providing all the functions of the main central VIS, is located in Sankt Johann in Pongau (Austria).

The VIS is continually processing information gathered by the consulates of the Schengen states. For instance, information entered locally by visa authorities can be available in the VIS in a matter of minutes. The VIS offers rapid verification services for visa holders at border crossings, taking just a few seconds to conduct a visa check.

The Commission was responsible for developing the central database, the national interfaces and the communication infrastructure between the central VIS and the national interfaces. Individual Schengen States are responsible for the development, management and operation of their respective national systems.

The EU Agency for large-scale IT systems, eu-LISA, is responsible for the operational management of VIS.

What is the legal basis for the VIS?

The main acts constituting the legal framework of the VIS are the following:

·                  Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS), OJUE L 213, 15.6.2004, p. 5.

·                  Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the VIS and the exchange of data between Member States on short-stay visas (VIS Regulation), OJUE L 218, 13.8.2008, p. 60.

·                  Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the VIS by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offence, OJUE L 218, 13.8.2008, p. 129.

·                  Regulation (EC) No 81/2009 of the European Parliament and of the Council of 14 January 2009 amending Regulation (EC) No 562/2006 as regards the use of the Visa Information System (VIS) under the Schengen Borders Code, OJUE L 35, 4.2.2009, p. 56.

·                  Regulation (EC) No 810/2009 of the European Parliament and the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code), OJUE L 243, 5.9.2009, p. 1.

What are the consequences of VIS in practice for visa applicants?

First-time visa applicants must always present themselves in person when submitting their application to provide their photograph and fingerprints.

The photograph is currently scanned from an existing paper photograph. At a later stage, the photograph will be taken digitally at the moment of the application.

For all new subsequent applications submitted within a period of 59 months, the fingerprints can be copied into the VIS from the previous application file.

Nevertheless, it should be stressed that in the event of reasonable doubt as to the applicant's identity, the consulate will collect fingerprints again within the 59 months referred to above. Moreover, the applicant may ask for fingerprints to be taken if, at the time the application is submitted, it is not immediately possible to confirm that the fingerprints were taken within the aforementioned period.

The biometric data of visa applicants may be collected by Schengen State consulates and external service providers (such as VFS, TLS and others), but not by commercial intermediaries (e.g. travel agencies).

Upon arrival at the Schengen external border, visa holders must provide their fingerprints for comparison with those registered in the VIS, at the request of the Schengen States' border control authorities. Searches in the VIS by Schengen border guards are based on the visa sticker number in combination with fingerprints.

Visa holders whose fingerprints have not been taken at the time of application, on the grounds that they have been exempted from this requirement, will not be asked to provide fingerprints at the border.

What happens to those who refuse to provide fingerprints for various reasons?

As a result, a Schengen visa will not be issued if biometric data is not provided. However, in accordance with Article 13(7) of the Visa Code, there are several categories of citizens who are not required to provide this data, as indicated in the FAQ under Question 18.

If I already have a biometric passport, do I also need to submit my fingerprints?

Yes, holders of biometric passports must also appear in person when applying for a short-stay Schengen visa for the first time to submit their fingerprints.

How is my biometric data protected in the VIS?

Strict data protection rules are defined in the VIS regulation and are subject to control by national and European data protection authorities.

Data is kept in the VIS for a maximum of five years from the visa expiry date, if a visa has been issued, or from the new visa expiry date, if a visa has been extended, or from the date on which a refusal decision is issued by the visa authorities.

All individuals have the right to obtain communication of the data recorded in the VIS concerning them from the Schengen State which entered the data in the system. Individuals may also request that inaccurate data concerning them be rectified, and that illegally recorded data be deleted.

In each Schengen State, the national supervisory authorities independently monitor the processing of personal data recorded in the VIS by the respective Schengen State.

The European Data Protection Supervisor monitors the data processing activities of the VIS Management Authority.

Which data are registered in the VIS?

The visa authorities in each Schengen state register data relating to short-stay visa applications (i.e. applications to stay in the Schengen area for 90 days or less) in the VIS. Data relating to national long-stay visas are not yet recorded in the VIS.

Upon reception of an application, the visa authorities of the relevant Schengen State create an application file in VIS and record the alphanumeric data contained in the Schengen visa application form, the applicant's digital photograph and the ten fingerprints collected.

If the applicant is traveling in a group, the travelers' application files will be linked in the VIS. If a previous application has been registered for the same applicant, the two applications will also be linked in the VIS.

Once a decision has been taken on the application (visa granted/refused) or post-decision (annulment, revocation, extension), the information is recorded in the VIS by the visa authorities of the relevant Schengen States. Once the visa has been issued and all applicant data - including fingerprints - have been recorded in the VIS, a code is inserted in the visa sticker.

Which authorities have access to the VIS?

The visa authorities of the Schengen States have access to the VIS for both data recording and consultation. Application and decision data are entered into the VIS by the visa authorities of the Schengen State responsible for examining the application or taking the decision. The data entered by one Schengen State can then be consulted by the visa authorities of all the other Schengen States, for example when examining another application from the same applicant.

Other authorities from the Schengen States have access to the VIS for consultation only.

National border authorities have access to the VIS in order to verify the identity of the visa holder, the authenticity of the visa and whether the conditions for entry into the territory of the Schengen states have been fulfilled. VIS checks at the Schengen area's external borders, with systematic fingerprint verification, are compulsory, except in a limited number of cases.

The national authorities responsible for carrying out identity checks on the territory of the Schengen states have access to the VIS in order to verify the identity of the visa holder, the authenticity of the visa and whether the conditions for entry, stay or residence on the territory of the Schengen states have been fulfilled.

National asylum authorities have access to the VIS to determine the Member State responsible for examining an asylum application in accordance with Regulation (EC) No 343/2003 and for processing the application.

Europol has access to the VIS for consultation purposes as part of the prevention, detection and investigation of terrorist offences and other serious criminal offences.

National law enforcement authorities have access to VIS data for the same purposes, provided certain legal conditions are respected: access to VIS data must be necessary in a particular case, and there must be reasonable grounds for considering that consultation of the data will make a substantial contribution to the prevention, detection and investigation of terrorism and other serious crimes.

As a general rule, VIS data may not be transferred or made available to a third country or international organization. By way of derogation, certain data recorded in the VIS (name, nationality, travel document number, residence) may be communicated to a third country or international organization when a specific case requires it to prove the identity of a third-country national, including for return purposes.

For detailed information on how to exercise your access rights, please visit the following site: 

https://cnpd.public.lu/en/particuliers/vos-droits/droit-acces.html

CITIZENS’ RIGHTS IN THE FIELD OF THE SCHENGEN INFORMATION SYSTEM

1. General presentation of the Schengen Information System

The Schengen Information System (SIS) was implemented as a search system for persons and objects by the Convention implementing the Schengen Agreement of 19 June 1990. The SIS was designed as a compensatory measure to the lifting of internal border controls with the aim of ensuring a high level of security in the European Union’s area of freedom, security and justice.

The system includes alerts

i. On persons, namely :

• Third-country nationals subject to a return decision,
• Third-country nationals subject to a refusal of entry and stay,
• Persons wanted for arrest for surrender or extradition purposes,
• Missing persons, including :
• Children at risk of abduction by a parent, a family member or a guardian, o Vulnerable persons who need to be prevented from travelling,
• Persons sought to assist with a judicial procedure,
• Persons for discreet, inquiry or specific checks,
• Unknown wanted persons for the purpose of identification under national law.

ii. On objects:

• For discreet, inquiry or specific checks,
• For seizure or use as evidence in criminal proceedings.

2. Legal framework applicable to SIS as well as to data protection

The SIS is established by the following legal instruments:

-        Regulation (EU) 2018/1860 of the European Parliament and of the Council, of 28 November 2018 on the use of the Schengen Information System for the return of illegally staying thirdcountry nationals,

-        Regulation (EU) 2018/1861 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, and amending the Convention implementing the Schengen Agreement, and amending and repealing Regulation (EC) No 1987/2006,

-        Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU.

The following legal instruments are applicable in terms of data protection:

-        Loi du 1er août 2018 relative à la protection des personnes physiques à l'égard du traitement des données à caractère personnel en matière pénale ainsi qu’en matière de sécurité nationale (Law of 1 August 2018 on the protection of natural persons with regard to the processing of personal data in criminal and national security matters, transposing into national law the Directive 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA) (hereafter « LPD »),

-        Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereafter « GDPR »)

-        Loi du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et du régime général sur la protection des données » (Law of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework).

3. Information to be made available to the individual on data processing in the SIS

i. The data controller

In Luxembourg, the data controller for the data processing in the context of the SIS is the Grand Ducal Police, represented by its General Director.

ii. The purposes of the processing

The purposes of the processing for which the personal data are intended are the following:

• Prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security,
• External border control,
• Immigration control.

iii. The categories of personal data that may be processed

The personal data that may be included in a SIS alert are listed in article 20 of Regulation 2018/1861 and of Regulation 2018/1862 as well as in article 4 of Regulation 2018/1860.

iv. The recipients or categories of recipients

National competent authorities of the Schengen Member States that can access the SIS and are thus to be considered as recipients are listed in article 34 of Regulation 2018/1861 and articles 44 to 47 of Regulation 2018/1862. In addition to these national competent authorities, SIS can also be accessed by Europol, Frontex and Eurojust in accordance with articles 35 and 36 of Regulation 2018/1861 and articles 48 to 50 of Regulation 2018/1862.

v. The storage period

Alerts on persons and on objects shall be kept only for the time required to achieve the purposes for which they were entered.

The above-mentioned regulations foresee several time limits for a periodic review of the need for the storage of personal data with the possibility to renew the alerts.

Alerts on persons subject to a discrete, inquiry or specific check as well as certain categories of missing persons have in principle to be re-examined at the latest after one year.

Alerts on persons subject to a return decision, subject to a refusal of entry and stay, sought to assist with a judicial procedure as well as unknown wanted persons for the purpose of identification have in principle to be re-examined at the latest after three years.

Alerts on persons wanted for arrest for surrender or extradition purposes as well as certain categories of missing persons are in principle to be re-examined at the latest after five years.

Alerts on objects are in principle to be re-examined at the latest after ten years.

vi. The rights of individuals

Concerning the right for information provided under articles 13 and 14 of the GDPR, respectively article 12 of the LPD, the Grand-Ducal Police refers to the information on its website under the heading « Data protection » (Link https://police.public.lu/fr/support/protection-des-donnees-a-caractere-personnel.html).

As foreseen in article 53 of Regulation 2018/1861 and article 67 of Regulation 2018/1862, individuals have the right to introduce

-        A request for access to their data,

-        A request for correction of inaccurate data,

-        A request for deletion of unlawfully stored data,

In accordance with articles 15, 16 and 17 of the GDPR and 13 and 15 of the LPD.

These requests may be submitted to any Member State of the European Union operating the system and any of the four Schengen Associated States (Switzerland, Norway, Liechtenstein and Island). The receiving Member State will process the request according to their own national procedures in place as well as according to the European rules in force.

With regard to deadlines for processing such requests, it should be noted that both the requests for access and the requests for rectification and deletion must be answered within 1 month (article 53(4) of the Regulation 2018/1861 and article 67(4) of the Regulation 2018/1862, both referring to article 12(3) of the GDPR).

Regarding the form, Member States will have to strive to respect both the form (letter or email) of the requestor as well as the language used by them, this of course as far as possible. In general, the Grand Ducal Police processes access requests as well as correction or deletion requests if they are introduced in any of the administrative languages of the country (Luxembourgish, French, German) or in English.

In accordance with article 12(6) of the GDPR and article 11, paragraph 5 of the LPD, the Grand-Ducal Police must have sufficient guarantees to establish with certainty the identity of the person requesting information, so as not to prejudice the rights of others. The following documents have therefore to be enclosed to the requests:

For a request from an individual:

-        A signed letter,

-        A copy of an identity document (identity card or passport).

For a request from an individual on behalf of another individual:

-        A power of attorney duly signed by both parties,

-        A letter signed by the represented party,

-        A copy of an identity document of represented party (identity card or passport),

-        A copy of an identity document of the representing party (identity card or passport).

For a request from an attorney:

-        A power of attorney duly signed by the client and the attorney,

-        A copy of an identity document of the client (identity card or passport),

-        A copy of an identity document of the attorney (identity card or passport),

-        A copy of an attorney card or equivalent.

It goes without saying that the transmission of a copy of an identity card or passport via the Internet may present a certain risk in the event of possible abuse by a third party (for example, interception).

Finally, in exceptional circumstances and in accordance with article 53(3) of the Regulation 2018/1861, article 67(3) of the Regulation 2018/1862, and articles 14 and 15, paragraph 4 of the LPD, a Member State may take a decision not to provide information to the data subject, in whole or in part, in order to safeguard national security, defence and public security, or for the prevention, investigation, detection and prosecution of criminal offences, for as long as such a restriction constitutes a necessary and proportionate measure in a democratic society with due regard for the fundamental rights and legitimate interests of the data subject concerned.

vii. Right to lodge a complaint or to seek judicial remedy

In case the reply which is provided by the Grand Ducal Police does not satisfy the requestor, the latter has the right to file a complaint with the national supervisory authority, namely the « Commission nationale pour la protection des données », in accordance with article 77 of the GDPR, respectively in accordance with article 44 of the LPD. The national supervisory authority may be contacted under the following contact details:

Commission nationale pour la protection des données (CNPD)

Service des réclamations

15, Boulevard du Jazz

L-4370 Belvaux

Luxembourg.

Furthermore, the requestor also has the right to seek judicial remedy within three months after the receipt of the final reply at the Administrative Court of Luxembourg (Tribunal administratif) with the assistance of an attorney.