Key Benefits:
CHAIR OF THE COUNCIL OF MINISTERS
1
Proposal for Law No 200 /XII
Exhibition of Motives
The Decree-Law No. 309/98 of October 14 regulates the basis of safety data
private, whose approval was determined by the need to regulate the personal data
treated in the context of the control and licensing of private security activity.
The applicable legal regime in the framework of private security has undergone significant changes
from the date of approval of the over-said statutory diploma, particularly with regard to the
dematerialization of procedures and the secure electronic transmission of the data to
effects of issuing and printing of professional cards.
The creation of the Integrated Private Security Management System (SIGESP), while
administrative simplification measure, was realized in the framework of regulation
provided for in the legislative changes effectuated to the exercise regime of the activity of
private security by Law No. 38/2008 of August 8, having enabled a
reorganization of work methodologies and greater interaction with the operators of the
private security sector, allowing not only the electrolytic tramway of the processes of
licensing, but also the submission, by this route, of new applications for licensing.
Similarly, by way of administrative simplification, new channels have been created.
communication, through the available functionalities online , notably the consultation, in
reserved area, of the details relating to private security entities or personnel of
surveillance and respect processes of ongoing licensing.
CHAIR OF THE COUNCIL OF MINISTERS
2
The need to ensure the advertication of the entities authorized for the exercise of
activities in the private security sector have further determined the creation of a platform of
public access that allows an updated query of the licensed entities for the
private security activity.
In the face of the technological developments of the last decade, in part reflected in the SIGESP, alongside the
new functionalities for suitability of the system to changes introduced by the Act
n ° 34/2013 of May 16 establishing the regime of the exercise of security activity
private, urge to undertake an update of the standards that regulate the system of
information from private security, in line also with the requirements applicable to the
processing of personal data resulting from the Act No 67/98 of October 26.
It was heard from the National Data Protection Commission and the Security Council
Private.
Thus:
In accordance with Article 56 (3) of Law No 34/2013 of May 16 and of the d) from the
n Article 197 (1) of the Constitution, the Government presents to the Assembly of the Republic a
the following proposed law:
Article 1.
Object and scope
1-A This Law regulates the database and the registered personal data subject of
computer treatment in the framework of the exercise regime of the security activity
private, approved by Law No. 34/2013 of May 16, designated by Integrated System
of Private Security Management (SIGESP).
2-The SIGESP is maintained by the National Directorate of Public Security Police (PSP),
with the purpose of organizing and keeping up-to-date with personal information and data
necessary for the monitoring, licensing and surveillance of the exercise of the activity of
private security.
CHAIR OF THE COUNCIL OF MINISTERS
3
3-A The stepping up of licensing procedures, compliance with duties and control
of the private security activity is carried out electronically through the SIGESP.
4-SIGESP ensures the existence of a single record relating to the entities or persons
who provide services or who carry out private security duties, contemplating the
data for the required licensing processes, the control actions of the
activity and sanctions applied in the framework of the exercise of private security activity.
5-The responsible of the databases, in the terms and for the purposes of the provisions of the provisions of paragraph 1 of the
article 30 of Law No. 67/98 of October 26, is the National Direction of PSP.
6-It is up to the entity referred to in the preceding paragraph the responsibility to ensure the right to
information and access to data by the titular respects and the correction of inexatids,
as well as de velar so that the consultation or communication of the information complies with the
too much obligations arising from the law.
Article 2.
Quality of data
The data collected pursuant to this Law shall be exact and current, limiting itself to the
information strictly necessary, in the framework of private security activity, for the
following purposes:
a) Instruction of the licensing processes;
b) Instruction of the counterordinate processes;
c) Monitoring of the fulfilment and maintenance of the exercise requirements of the activity of
private security;
d) Registration of the enrolment of each entity or record of infractions of person to which
applied penalties were applied in Law No. 34/2013 of May 16.
CHAIR OF THE COUNCIL OF MINISTERS
4
Article 3.
Collection of data
1-Can be the object of collecting the data concerning the following processes:
a) De-licensing and verification of requirements of private security companies;
b) From licensing and verification of requirements of entities that organize services
internal self-protection;
c) De-licensing and verification of requirements of forming entities;
d) From licensing and verification of requirements of consultancy entities of
security;
e) From prior registration of entities proceeding to the study and conception, installation,
maintenance or technical assistance of material and safety equipment or
alarm plants;
f) De-licensing and verification of requirements of surveillance personnel;
g) From licensing and verification of requirements of security directors;
h) From counterordinance relating to the legal regime for the exercise of the activity of
private security.
2-The personal data set out in the SIGESP are collected from the requirements or
documents submitted electronically or referred to the National PSP Direction.
CHAIR OF THE COUNCIL OF MINISTERS
5
Article 4.
Personal data
1-In the processes of licensing and verification of requirements set out in points a) a g)
of paragraph 1 of the preceding Article are collected, for the purposes of processing, in the function of
purpose of verification of the requirements and incompatibilities for the exercise of the
private security activity, the personal data relating to administrators or
managers, legal representatives, responsible for the self-protection services,
responsible or training managers, pedagogical coordinators, trainers,
responsible technicians, security directors and surveillance personnel.
2-The personal data collected in the terms of the preceding paragraph shall comprise:
a) As far as administrators and managers are concerned: name, date of birth,
nationality, gender, type, number and date of document validity of
identification, issuing authority of identification document, habilitations
academics, residency, criminal record information, identification number
tax, job title and nature of the bond, date of appointment and termination of duties and
the final decisions or carried out on trial referred to in point (a) e) of paragraph 1
of Article 22 of Law No 34/2013 of May 16;
b) With regard to legal representatives: name, residence, number of
tax identification, cargo and nature of the bond, date of appointment and cessation
of functions and the final or transitioned decisions on which to be referred to
point ( e) of Article 22 (1) of Law No 34/2013 of May 16;
CHAIR OF THE COUNCIL OF MINISTERS
6
c) As for those responsible for the self-protection services: name, date of
birth, nationality, gender, type, number and date of document validity
of identification, issuing authority of identification document, habilitations
academics, residency, criminal record information, identification number
tax, social security identification number, registration of the specific training
provided for in Article 22 (6) of Law No 34/2013 of May 16, date and entity
trainer, job title and nature of the bond and the date of appointment and date of cessation
of functions;
d) As for training managers: name, date of birth,
nationality, gender, type, number and date of document validity of
identification, issuing authority of identification document, habilitations
academics, residency, criminal record information, identification number
tax, social security identification number, professional qualifications,
job title and nature of the bond, date of appointment and date of termination of duties and the
outright decisions or carried out on trial referred to in point (a) e) of paragraph 1 of the
article 22 of Law No 34/2013 of May 16;
e) On the subject of pedagogical coordinators: name, date of birth,
nationality, gender, type, number and date of document validity of
identification, issuing authority of identification document, habilitations
academics, residency, criminal record information, identification number
tax, social security identification number, professional qualifications,
job title and nature of the bond, date of appointment and date of termination of duties,
as well as final or transitioned decisions on trial referred to in
point ( e) of Article 22 (1) of Law No 34/2013 of May 16;
CHAIR OF THE COUNCIL OF MINISTERS
7
f) As for trainers: name, date of birth, nationality, gender,
type, number and date of validity document of identification, authority
identification document broadcaster, academic habilitations, residence,
information from the criminal record, tax identification number, number of
identification of social security, professional qualifications, office and nature of the
linkage, date of appointment and date of termination of duties, as well as decisions
outright or carried forward on trial referred to in point (s) e) of the Article 1 (1)
22. of Law No. 34/2013 of May 16;
g) With regard to responsible technicians: name, date of birth, nationality,
gender, type, number and date of validity of identification document,
issuing authority for identification document, educational qualifications,
residence, tax identification number, professional qualifications, entity
accreditation and date of accreditation, cargo and the nature of the bond and the dates of
appointment and termination of duties;
h) As far as security directors are concerned: name, date of birth,
nationality, gender, type, number and date of document validity of
identification, issuing authority of identification document, habilitations
academics, residency, criminal record information, identification number
tax, social security identification number, registration of the specific training
provided for in Article 22 (6) of Law No 34/2013 of May 16, date and entity
trainer, job title, nature of the bond and contract of employment, date of appointment and
date of cessation of functions, number of security director and the type, date of
issuance and date of validity of the professional card;
CHAIR OF THE COUNCIL OF MINISTERS
8
i) With regard to surveillance personnel: name, date of birth, nationality,
gender, type, number and date of validity of identification document,
issuing authority for identification document, educational qualifications,
residence, information from the criminal record, tax identification number, number
of identification of social security, registration of the specific formations provided for in the
point ( b ) of Article 22 (5) of the Law No 34/2013 of May 16, date and entity
trainer, mention of the medical certificate and the certificate of psychological evaluation to
referred to in Article 24 (4) of the Act No 34/2013 of May 16, function,
nature of the bond and contract of employment, date of appointment and date of cessation
of functions, private security number and the type, date of issue and date of
validity of the professional card.
3-In the register of counterordinations concerning the exercise regime of the activity of
private security are collected, for the purpose of automated treatment, the data
personal relating to natural persons or collectives, understanding the name, type,
number and date of validity of identification document, issuing authority of
document of identification, practiced counterordinance, time and place of the practice of the
facts, date of decision and decision-maker, fines and ancillary sanctions applied.
4-The registration of counterordinations referred to in the preceding paragraph is kept active by the
term of three years after the final or transitioned decision on trial.
CHAIR OF THE COUNCIL OF MINISTERS
9
Article 5.
Licensing processes, control and verification of requirements
1-In the processes of licensing, monitoring and verification of requirements of companies of
private security, entities with internal self-protection services, entities
trainers and security consultancy entities, are collected, according to the
purpose, for the purposes of automated processing, the personal data relating to
administrators or managers, legal representatives, responsible for the services of
self-protection, responsible or training managers, pedagogical coordinators,
trainers, security directors and surveillance personnel provided for in the previous article.
2-In the cases referred to in the preceding paragraph are still collected, according to the
purpose, for the purposes of automated processing, the following data:
a) As for the entity: commercial designation, identification number of
collective person, social capital, classification of economic activity, number of
matriculation, legal status and registered office;
b) On the premises: identification of averaged and respectable facilities
addresses, permanent contact center of private security company, type and
purpose of the installation, telephone contacts, fax, electro mail and memory
descriptive of the requirements or security measures implemented in the
regulation referred to in Article 3 (2) of the Act No 34/2013 of 16 of
may;
c) With respect to licensing: type of alvshall, licence or permit, scope of
services, date of issue and validity, date of suspension or cancellation and
reason;
d) With regard to administrative licensing processes: identification of the
processes;
e) With regard to counterordinating processes: identification of the processes;
CHAIR OF THE COUNCIL OF MINISTERS
10
f) With regard to the performance of special duties: number and validity of
insurance policies, type and number of collateral in favour of the State, registration of the
compliments of the duties on the state and social security.
3-In proceedings relating to private security companies are still collected, from
agreement with the purpose, for the purpose of automated processing, the following data:
a) As far as models of uniforms, badges, symbols and brands are concerned:
administrative process, understanding entry registration, opinions issued,
date and type of decision, descriptive memory, articles of uniform, distinguishing,
symbols and approved marks and their identifiable characteristics;
b) On the registration of videovigilance systems: number and date of
registration, geographical location of videovigilance systems, name and address
of the data controller, characteristics of the system of
videovigilance, summary description of the physical and logical security measures of the
treatment and registration or authorization of the National Data Protection Commission
(CNPD);
c) With regard to the registration of surveillance personnel authorized to be holder of
weapon: private security number, license of use and possession of weapon and
characteristics of the weapon;
d) On the registration of use of canids: name, race and registration of the
canid, number of private security enabled and allowed to use canids.
e) With regard to the registration of transport vehicles of values: registration, branding and
model, certificate and registration of technical inspection inspection of requirements;
f) With regard to the registration of activities: designation and identification number
customer's tax, contract number, type of private security service
provided, date of commencement and term of the contract, place where the service is provided,
human means and materials used.
CHAIR OF THE COUNCIL OF MINISTERS
11
4-The data to which the points are referred a ) a and ) of the previous number are applicable to the
processes of entities with internal self-protection services.
5-In proceedings concerning trainer entities are still collected, according to the
purpose, for the purposes of automated processing, the following data:
a) The certification as a trainer entity;
b) Registration of authorized facilities for vocational training;
c) Dossier technical-pedagogical;
d) Registration of training shares, including the type of training action, the date of
start and term, the place of achievement, the training plan and time, the graduates,
the trainers and the certificates issued.
Article 6.
Prior registration procedures, control and verification of requirements
1-In the processes of prior registration, control and verification of requirements of the entities to which
refers to Article 12 (3) of Law No 34/2013 of May 16, are collected, of
agreement with the purpose, for the purposes of automated processing, the personal data
relating to responsible legal and technical representatives referred to in Article 4.
2-In the cases referred to in the preceding paragraph are still collected, according to the
purpose, for the purposes of automated processing, the following data:
a) Entity: commercial designation, identification number of collective person,
social capital, classification of economic activity, number of matriculation, status
legal and registered office;
b) Facilities: identification of averaged facilities and respect addresses,
telephone contacts, fax and electro mail;
c) Prior registration: type and number of prior registration, scope of services, date of
issuance and validity, date of suspension or cancellation and reason;
CHAIR OF THE COUNCIL OF MINISTERS
12
d) Material and safety equipment: identification of the type of material and
safety equipment in the scope of the provision of services subject to registration
prior;
e) Administrative procedures for licensing: identification of the processes;
f) Counterordinating processes: identification of the processes;
g) Fulfillment of special duties: number and validity of insurance policies and
record of the compliments of duties on the state and social security;
h) Quality certification.
Article 7.
Processes for licensing, monitoring and verification of requirements of professions
regulated
1-In the processes of licensing, monitoring and verification of requirements of directors of
security and surveillance personnel, are collected, in accordance with the purpose, for
effects of automated processing, the personal data referred to in Article 4 para.
2-For the purpose of professional card issuance, photography and the
signature.
3-In the process of licensing, monitoring and verification of requirements of the professions to which
it refers to paragraph 1, are still collected, for the purpose of automated treatment, the
following data:
a) Professional averaged formations;
b) Identification of administrative licensing processes;
c) Identification of the counterordinate processes.
CHAIR OF THE COUNCIL OF MINISTERS
13
Article 8.
Verification of information
1-Within the scope of the licensing processes, the constant information of the SIGESP may
be confirmed, in the legally admitted terms, by consultation with the information contained
in the following databases:
a) Data bases of the Portuguese Classification Information System of
Economic Activities and databases of the Institute of Registries and
Notariat, I.P., for verification of the classification of economic activity and of the
data relating to collective persons;
b) Data base of the Institute of Social Security, I.P., for verification of the data
relative to the employment situation of private security personnel, understanding the
number of social security identification of the worker and the entity of
private security and the start and end dates of the qualification;
c) Criminal identification database, pursuant to Law No. 57/98, of 18 of
August, amended by Decree-Law No. 323/2001, of December 17, and by the Laws
n. paragraphs 113/2009, of September 17, 114/2009, of September 22, and 115/2009, of
October 12, and of the Decree-Law No. 381/98 of November 27, as amended by the
Decrees-Laws No 20/2007, of January 23, and 288/2009, of October 8, for
obtaining the criminal record in the name of the own and information from the register of
contumacious.
2-The terms of the accesses provided for in the preceding paragraph are set out in protocols to
celebrate between the National Direction of PSP and the public services responsible for the
databases, being previously notified to CNPD for weighting your
compliance with the legal requirements applicable to the processing of personal data.
CHAIR OF THE COUNCIL OF MINISTERS
14
3-The provisions of the preceding paragraphs shall be without prejudice to the provision of consent by the
respects holders, in the legal terms, being waived for the purpose of the presentation of
documents or other means of evidence provided for in the legal regime for the exercise of
security activity and respect regulation.
Article 9.
Communication of data
The personal data set out in the SIGESP may be communicated to other services
public, when properly identified and in the frame of the tasks of the force or
requesting service, when there is legal obligation or authorization in this sense or
express authorization of the CNPD.
Article 10.
Direct access to information
1-The entities which, upon legal provision or deliberation of the CNPD, are authorised
accessing the SIGESP directly, they must adopt the technical administrative measures
necessary to ensure that the information cannot be improperly obtained, nor used
for different end of the allowed.
2-The researches or attempts of direct research are recorded informatically, by
a period of not less than one year, and its registration shall be the object of control
suitable by the entity responsible for the database.
3-For the purposes of the preceding paragraph, the entity responsible for the database may
request the clarifications that are warranted to the entities whose research there has been
registered.
CHAIR OF THE COUNCIL OF MINISTERS
15
Article 11.
Information for research or statistical purposes
In addition to the cases provided for in the previous articles, the information may be communicated,
for the purpose of scientific and statistical research, upon permission of the responsible of the
data base, as long as they cannot be identifiable the people to whom they respect and
provided that the legal provisions applicable in this matter are observed.
Article 12.
Right to information and access to data
To any person, as long as he has duly identified, the right of
know the contents of the registration or records which, constants of the databases,
Respect, upon written communication to direct to the National Director of PSP.
Article 13.
Correction of possible inexatids
Any person has the right to demand the correction of possible inaccuracy, the deletion of
unduly recorded data and the correction of the omissions of the data that tell you
respect, in the terms set out in paragraph d) of paragraph 1 (1) of Law No. 67/98, 26 of
October.
Article 14.
Conservation of personal data
Personal data is retained in SIGESP up to five years after the cessation of the activity
by entity or licensed person for the provision of private security services.
CHAIR OF THE COUNCIL OF MINISTERS
16
Article 15.
Security of information
1-To the SIGESP the necessary security guarantees must be conferred to prevent the
consultation, the modification, suppression, adding, destruction or communication
of data by form not consented to by this Law.
2-In view of the security of information, the following shall be observed:
a) The entry into the premises used for the processing of personal data is object
of control, in order to prevent the access of any unauthorized person;
b) The data supports and respect transport are the object of control, in order to
prevent that they can be read, copied, altered or disposed of by any
person by unauthorized form;
c) The insertion of data is the object of control to prevent the introduction as well as
any outlet of knowledge, alteration or unauthorized disposal of
personal data;
d) Automated data processing systems are object of control, for
prevent that they can be used by unauthorised persons by means of
data transmission facilities;
e) Access to the data is object of control, so that the authorised persons alone
may have access to the data that is of interest to the exercise of their assignments and
legal skills;
f) The transmission of the data is the object of control, to ensure that it is used
is limited to authorised entities;
g) The introduction of personal data in the automated treatment systems is object
of control, in order to check that data were introduced, when and by
who.
CHAIR OF THE COUNCIL OF MINISTERS
17
Article 16.
Professional secrecy
1-A communication or disclosure of the personal data recorded in the SIGESP can only be
effected in the terms provided for in this Law.
2-The people who in the exercise of their duties have knowledge of the personal data
registered in the SIGESP are obliged to secrecy in accordance with Article 17 of the
Law No. 67/98 of October 26.
Article 17.
Abrogation standard
The Decree-Law No. 309/98 of October 14 is repealed.
Article 18.
Entry into force
This Law shall come into force 15 days after the date of its publication.
Seen and approved in Council of Ministers of January 16, 2014
The Prime Minister
The Minister of the Presidency and Parliamentary Affairs