LD Consultores

Information Security Management

Information Security Management System (ISMS) Policy (Jan 2026)

Entities: LD Consultores C.A. & León & Associated Attorneys at Law Ltd.

Objective: To provide a systematic approach to managing sensitive information through established technical and organisational controls.

Core Security Pillars

  • Confidentiality: We ensure that sensitive data, including payroll records and legal documentation, is accessible only to authorised personnel.
  • Integrity: We protect information from unauthorised alteration, ensuring the accuracy of all business records.
  • Availability: We utilise an encrypted cloud-based infrastructure to ensure that data remains accessible to authorised users even during local infrastructure failures.

Operational Controls

  • Access Control & Segregation of Duties: We establish financial and administrative controls to limit access to sensitive systems. No single individual has end-to-end control over data processing or financial transactions.
  • Risk Assessment: We proactively identify and mitigate risks related to data security, cyber threats, and unauthorised disclosure.
  • Sub-Processor Oversight: Any third-party partners or agents with access to our data are contractually required to enter into a formal Data Protection Agreement (DPA).

2. Global Privacy Notice

Effective Date: March 2024

Scope: This notice governs the processing of personal data by LD Consultores and L&A Attorneys at Law for candidates, employees, and clients.

How We Use Your Information

  • Lawfulness and Transparency: We process personal data solely for the provision of agreed services, such as Employment of Record (EOR), payroll, and legal advisory.
  • Data Minimization: We only collect information that is strictly necessary for fulfilling our contractual and statutory obligations.

Data Protection Governance

  • UK Operations: L&A Attorneys at Law complies with the UK GDPR and the Data Protection Act 2018. In this jurisdiction, we are governed by the Information Commissioner’s Office (ICO).
  • International Standards: Across all jurisdictions, including Venezuela, we apply a minimum security standard equivalent to the General Data Protection Regulation (GDPR).

Individual Rights

Under applicable laws, data subjects have the right to:

  • Request access to their personal data held by our firms.
  • Request the correction of inaccurate or incomplete information.
  • Object to the improper use or disclosure of their sensitive information.

3. Compliance and Responsibility Arrangement

To ensure these policies are “enforced practices” rather than static documents, the firms have implemented the following:

  1. Staff Training: All employees receive regular training on data protection responsibilities and the recognition of information security “red flags”.
  2. Reporting of Breaches: Any suspected data breach or improper disclosure must be reported immediately to the firm’s Compliance Officer for investigation.
  3. Governance Oversight: The Managing Partners conduct annual reviews of these policies to ensure alignment with evolving international laws and client requirements.

Authorised by:

The Partners

LD Consultores & L&A Attorneys at Law