Lewis Rice LLC (the “Firm” or “we” or “our”) respects your privacy and is committed to protecting the privacy of your personal data. The purpose of this policy is to provide you with information about what personal data we collect, why we collect it, how we use and handle it, how an individual could exercise his/her rights with regard to such personal data collected.
This policy also describes a point of contact within the Firm where requests regarding an individual’s personal data and/or complaints about the Firm’s handling of personal data can be directed and requests for information about how the Firm is held accountable for safeguarding any personal data, should it be stored or transferred by the Firm, will be handled.
I. PRIVACY COMMITMENT.
The Firm is committed to the protection of your personal data and to complying with all United States (“U.S.”) federal and states laws, as well as all international laws, applicable to our processing of personal data. Additionally, while we have withdrawn from the E.U. – U.S. Privacy Shield and the Swiss-U.S. Privacy Shield programs, we remain committed to the E.U. – U.S. and Swiss – U.S. Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforceability and liability, (collectively, including the Supplemental Principles, the “Privacy Shield Principles”), and will continue to follow such Privacy Shield Principles in our processing of personal data.
II. HOW WE RECEIVE PERSONAL DATA & TYPES OF PERSONAL DATA RECEIVED
A. Ways in which We Receive Personal Data. The main avenue through which the Firm receives personal data is through our representation of our clients. In addition, we also receive personal data through the following sources:
- Through our website (www.lewisrice.com) (our “Website”), including, without limitation, your requests for information or subscriptions to our newsletters through the functionality of this Website;
- Through your application for employment with the Firm, whether written through written communication, email, our Website or our third party service provider(s);
- In communications with our clients or potential clients, whether through written communication, email, text, telephone, or other electronic messages between an individual or his/her employer or business and the Firm; or
- Our third party providers and other business partners (including, without limitation, our marketing consultants).
B. Types of Personal Data. Your personal data that may be collected or processed by the Firm includes:
- first and last names;
- address and past addresses;
- phone number;
- email address;
- date of birth and/or age;
- date of death;
- sex/gender,
- ethnicity and/or race;
- credit card information;
- IP address;
- non-academic titles, academic qualifications, and academic titles;
- firm/business/employer name, organizational titles, and departments;
- occupation;
- work experience, including job titles, company names, and dates of employment;
- education and education degree(s), including, majors, minors and dates of school attendance;
- veteran status;
- voluntary self-identification of disability;
- financial information, such as that which could be used to process invoices and payments; and
- any other information that might be used to identify you by another person.
C. Cookies and Other Tracking Technologies. As you navigate through and/or interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; and/or
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and does not include personal data, but we may maintain it or associate it with personal data we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns;
- Store information about your preferences;
- Speed up your searches;
- The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the Subsection entitled Individual Rights under the SECURITY, CHOICE AND ACCESS Section below.
- Web Beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Firm, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We do not collect personal data automatically, but we may tie this information to personal data about you that we collect from other sources or you provide to us.
Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. Our Website does not support DNT codes, but our Website limits tracking to the internal uses described above. Except in the case of analytics cookies, remarketing and other features of Google Display Advertising described above, our website does not track your use across multiple websites, however, other websites to which we link may. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. Also, if you wish to opt out of interest-based advertising, please visit http://optout.aboutads.infoto manage your preferences. Alternatively, if you are located in the European Union, you may visit http://www.youronlinechoices.eu/. Please note that you may continue to receive generic ads.
D. Children under the Age of 16. Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at [email protected].
III. DATA INTEGRITY AND PURPOSE LIMITATION (USES OF PERSONAL DATA)
The Firm, generally, processes personal data for the purposes of (i) counseling clients and providing legal representation and/or (ii) promoting the Firm in its marketplaces. We may also use personal data to allow individuals access to files and computer systems that are provided as part of our services or in connection with our business development, marketing, and accounting activities. Personal data is also and processed through the application for employment with the Firm. We use that information in considering your application and for communicating with you about such application. Additionally, personal data may be utilized to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection purposes or to notify you of any changes to our business, our Website or any of services. Access to personal data is controlled pursuant to the Firm’s Access Control Operating Procedures and applicable law, including, without limitation, the Standard Contractual Clauses (as defined below).
IV. SECURITY, CHOICE, AND ACCESS
In the provision of legal services, the Firm is acting as a data processor of client-controlled data. We may be a data controller with regard to personal data collected through our Website but our Website is intended for North American users only. If you are from outside North America, please do not contact us through our Website. You may contact us by telephone at 314-444-7600, or by mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.
A. Individual Rights. In accordance with applicable law, the Firm will facilitate an individual’s right to exercise his or her legal rights with regard to his or her personal information, such as a person’s (i) the right to access; (ii) the right to rectification; (iii) the right to erasure; (iv) the right to restrict processing; (v) the right to object to processing; (vi) the right to data portability; (vii) the right to withdraw consent and (viii) the right to lodge complaints. If you seek to exercise any such rights, please send your request by email to [email protected]. You also have the right to lodge your complaints with the applicable legal authorities, including, without limitation, the applicable European Union supervisory authority(ies) (if you are an European Union citizen).
We will respond to your reasonable requests in accordance with, and within the appropriate timeframe as determined by, the respective legal authority governing the use of the applicable personal data. In most cases, we will respond to requests within one month; provided, however, if the request is complex, we may extend its response time in accordance with applicable law and regulation.
B. Security. In addition, to protect this data and mitigate risk of a data breach and to comply with applicable law, the Firm employs reasonable and appropriate technical and organizational security procedures and processes designed to help protect against loss, misuse, and alteration of personal data collected and processed by the Firm, which include:
- Physical and logical access controls that limit who can access personal data based on business/processing need;
- Privacy policies for personal data and for employee personal data (a copy of which may be requested by emailing [email protected]);
- Annual employee training on our privacy policies;
- Employees who are bound by confidentiality and attorney-client privilege obligations;
- Data Protection and Privacy Officer and Incident Response Team to handle all personal data incidences or issues, including, without limitation, the handling of individual requests related to his/her personal data processed by the Firm; and
- The Firm’s Personal Data Incident Response Process and Business Continuity Plan that contain incident response plans for escalation and resolution of data breach incidents.
However, information transmitted on the Internet and/or stored on systems attached to the Internet is not 100% secure. As a result, we do not ensure, warrant or guarantee the security or integrity of such information.
C. California Privacy Rights. California residents may be provided with additional privacy rights under applicable law, including but not limited to California Civil Code Section § 1798.83 and the California Consumer Privacy Act of 2018. For more information, see our Privacy Notice for California Residents.
V. ACCOUNTABILITY FOR ONWARD TRANSFER
The performance of legal services or the other processing of your personal data may involve the transfer of certain personal data to or from third parties, including our third party service providers. All transfers of personal data relating to individuals in the European Union or the United Kingdom shall be governed by data processing agreements incorporating the standard contractual clauses for the transfer of personal data to processors or to controllers, as applicable, in the forms promulgated by such applicable governmental entities for such transfers (collectively, the “Standard Contractual Clauses”). If the Firm transfers personal data subject to the Standard Contractual Clauses to a third party, the recipient will have the same level of protection as required of the Firm under the Standard Contractual Clauses. In addition, all third party service providers engaged by the Firm are bound by contract to refrain from using any personal data for any purpose other than the provision of the given service for the Firm. The Firm is responsible and liable under the Standard Contractual Clauses for our third-party service providers processing personal data subject to the Standard Contractual Clauses in a manner consistent with the Standard Contractual Clause.
In addition to disclosures described above, we may disclose or transfer personal data to third parties in connection with, or during negotiations of, any merger, acquisition, spin-off, sale of company assets, subsidiary, any financing or any similar transaction. We may also disclose personal data to third parties in order to prevent damage or harm to us, our services or any person or property, if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by any public or governmental authority.
The Firm does not sell, trade or transfer personal data to third parties.
Except as described in this Privacy Policy, we will not otherwise disclose personal data to any third parties unless you have been provided with an opportunity to opt in to such disclosure and, in the case of personal data collected from children, the appropriate verifiable consent is obtained.
If an individual wishes to opt out or limit the use and disclosure of their personal data to a third party or a use that is incompatible with the purpose for personal data was originally collected or authorized, the individual may send such request to [email protected].
When the Firm transfers personal data to countries other than the country where it was provided, we do so in compliance with applicable data protection laws, including, as applicable, the Standard Contractual Clauses, as described above. We may transfer personal data from persons outside of the U.S. to third parties located either in the U.S. or otherwise; provided that transfers to the U.S. from the European Union or the United Kingdom will comply with the Standard Contractual Clauses.
VI. RECOURSE, ENFORCEMENT, AND LIABILITY
A. Point of Contact for Complaints or Questions. Individuals have the ability to contact the Firm regarding any questions or concerns related to its collection or handling of their personal data.
Data Protection and Privacy Officer
By email at [email protected]
By mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.
B. Verification Procedures. On at least an annual basis, the Firm verifies its compliance with applicable law through a self-assessment conducted in accordance with its Self-Assessment Policy. If you would like further information about the Firm’s verification procedures, please contact the Firm’s Data Protection and Privacy Officer at [email protected]. The Firm recognizes that it must respond promptly to inquiries from legal authorities.
C. Consequences of Non-Compliance. The Firm commits to resolve complaints about your privacy and our collection or use of your personal data. Individuals who have inquiries or complaints regarding this Privacy Policy should first contact the Firm’s Data Protection and Privacy Officer at [email protected], who will, in accordance with the Firm’s Personal Data Request Process, the Firm’s Personal Data Incident Response Process and the Firm’s Business Continuity Plan, as applicable, escalate it to the Incident Response Team (“IRT”) and/or directly to the Firm’s Management Committee, as applicable.
The IRT is chaired by the Data Protection and Privacy Officer and consists of the Firm’s Data Protection and Privacy Officer and representatives from the Firm’s Information Technology department, Human Resources team and Management Committee. Suspected and confirmed personal data security incidents will be investigated by the IRT. Such investigation will include, but will not be limited to, determining the source of the breach, identifying the types of data affected, determining whether notifications must be made and instituting any remedial measures that may be necessary to avoid similar incidents in the future.
VII. CHANGES
We may amend this Privacy Policy at any time. If we make any material changes in the way we collect, use, and/or share your personal data or to this Privacy Policy, we will notify you by prominently posting notice of the changes on the websites covered by this Privacy Policy. We encourage you to periodically review this page for the latest information on our Privacy Policy.
VIII. CONTACT US
By email at [email protected]
By mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.
We are committed and required to respond to any of your inquiries on this issue within one month of receiving the inquiry.
This Policy was last updated on June 29, 2021.