Lewis Rice LLC Privacy Policy

Lewis Rice LLC (the “Firm” or “we” or “our”) respects your privacy and is committed to protecting the privacy of your personal data. The purpose of this policy is to provide you with information about what personal data we collect, why we collect it, how we use and handle it, how an individual could exercise his/her rights with regard to such personal data collected.

This policy also describes a point of contact within the Firm where requests regarding an individual’s personal data and/or complaints about the Firm’s handling of personal data can be directed and requests for information about how the Firm is held accountable for safeguarding any personal data, should it be stored or transferred by the Firm, will be handled.


The Firm complies with the E.U. – U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles, including the Supplemental Principles (collectively, the “Privacy Shield Principles”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union (“E.U.”), the United Kingdom ("U.K.") and/or Switzerland to the United States ("U.S."), respectively (the programs being described herein as the “Privacy Shield”). As outlined below, the Firm adheres to and has certified to the U. S. Department of Commerce that it adheres to, the Privacy Shield Principles, including, the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability, as well as the Supplementary Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. A list of companies that are currently certified under the Privacy Shield is available at https://www.privacyshield.gov/list.

Although the Firm is certified to the E.U. – U.S. Privacy Shield Principles, we do not rely on the E.U. – U.S. Privacy Shield Principles as a legal basis for transfers of personal data submitted relating to individuals in the E.U. or U.K. in light of the judgment of the Court of Justice of the E.U. in Case C-311/18. All transfers of personal data relating to individuals in the E.U. or U.K. shall be governed by data processing agreements incorporating the standard contractual clauses for the transfer of personal data to processors (2010/87/EU) and/or the standard contractual clauses for the transfer of personal data to controllers (2001/497/EC or 2004/915/EC), as applicable (collectively, the “E.U. Standard Contractual Clauses”). We may, but shall not be required to, also process personal data submitted relating to individuals in Switzerland via adequate compliance mechanisms other than the Swiss-U.S. Privacy Shield Princples.

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”), and we are committed to responding promptly to inquiries and requests by the United States Department of Commerce for information relating to the Privacy Shield Principles.


A. Ways in which We Receive Personal Data. The main avenue through which the Firm receives personal data is through our representation of our clients. In addition, we also receive personal data through the following sources:

  • Through our website (www.lewisrice.com) (our “Website”), including, without limitation, your requests for information or subscriptions to our newsletters through the functionality of this Website;
  • Through your application for employment with the Firm, whether written through written communication, email, our Website or our third party service provider(s);
  • In communications with our clients or potential clients, whether through written communication, email, text, telephone, or other electronic messages between an individual or his/her employer or business and the Firm; or
  • Our third party providers and other business partners (including, without limitation, our marketing consultants).

B. Types of Personal Data. Your personal data that may be collected or processed by the Firm includes:

  • first and last names;
  • address and past addresses;
  • phone number;
  • email address;
  • date of birth and/or age;
  • date of death;
  • sex/gender,
  • ethnicity and/or race;
  • credit card information;
  • IP address;
  • non-academic titles, academic qualifications, and academic titles;
  • firm/business/employer name, organizational titles, and departments;
  • occupation;
  • work experience, including job titles, company names, and dates of employment;
  • education and education degree(s), including, majors, minors and dates of school attendance;
  • veteran status;
  • voluntary self-identification of disability;
  • financial information, such as that which could be used to process invoices and payments; and
  • any other information that might be used to identify you by another person.

C. Cookies and Other Tracking Technologies. As you navigate through and/or interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

  • Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; and/or
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically is statistical data and does not include personal data, but we may maintain it or associate it with personal data we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience size and usage patterns;
  • Store information about your preferences;
  • Speed up your searches;
  • The technologies we use for this automatic data collection may include:
    • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
    • Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see the Subsection entitled Individual Rights under the SECURITY, CHOICE AND ACCESS Section below.
    • Web Beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Firm, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We do not collect personal data automatically, but we may tie this information to personal data about you that we collect from other sources or you provide to us.

Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. Our Website does not support DNT codes, but our Website limits tracking to the internal uses described above. Except in the case of analytics cookies, remarketing and other features of Google Display Advertising described above, our website does not track your use across multiple websites, however, other websites to which we link may. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. Also, if you wish to opt out of interest-based advertising, please visithttp://optout.aboutads.infoto manage your preferences. Alternatively, if you are located in the European Union, you may visithttp://www.youronlinechoices.eu/. Please note that you may continue to receive generic ads.

D. Children under the Age of 16. Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at [email protected].


The Firm, generally, processes personal data for the purposes of (i) counseling clients and providing legal representation and/or (ii) promoting the Firm in its marketplaces. We may also use personal data to allow individuals access to files and computer systems that are provided as part of our services or in connection with our business development, marketing, and accounting activities. Personal data is also and processed through the application for employment with the Firm. We use that information in considering your application and for communicating with you about such application. Additionally, personal data may be utilized to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection purposes or to notify you of any changes to our business, our Website or any of services. Access to personal data is controlled pursuant to the Firm’s Access Control Operating Procedures and applicable law, including, without limitation, the Privacy Shield Principles and the E.U. Standard Contractual Clauses.


In the provision of legal services, the Firm is acting as a data processor of client-controlled data. We may be a data controller with regard to personal data collected through our Website but our Website is intended for North American users only. If you are from outside North America, please do not contact us through our Website. You may contact us by telephone at 314-444-7600, or by mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.

A. Individual Rights. In accordance with applicable law, the Firm will facilitate an individual’s right to exercise his or her legal rights with regard to his or her personal information, such as a person’s (i) the right to access; (ii) the right to rectification; (iii) the right to erasure; (iv) the right to restrict processing; (v) the right to object to processing; (vi) the right to data portability; (vii) the right to withdraw consent and (viii) the right to lodge complaints. If you seek to exercise any such rights, please send your request by email to[email protected]. You also have the right to lodge your complaints with the applicable legal authorities, including, without limitation, the applicable E.U. supervisory authority(ies) (if you are an E.U. citizen). 

We will respond to your reasonable requests in accordance with, and within the appropriate timeframe as determined by, the respective legal authority governing the use of the applicable personal data. In most cases, we will respond to requests within one month; provided, however, if the request is complex, we may extend its response time in accordance with applicable law and regulation.

B. Security. In addition, to protect this data and mitigate risk of a data breach and to comply with applicable law, the Firm employs reasonable and appropriate technical and organizational security procedures and processes designed to help protect against loss, misuse, and alteration of personal data collected and processed by the Firm, which include:

  • Physical and logical access controls that limit who can access personal data based on business/processing need;
  • Privacy policies for personal data and for employee personal data (a copy of which may be requested by emailing [email protected]);
  • Annual employee training on our privacy policies;
  • Employees who are bound by confidentiality and attorney-client privilege obligations;
  • Data Protection and Privacy Officer and Incident Response Team to handle all personal data incidences or issues, including, without limitation, the handling of individual requests related to his/her personal data processed by the Firm; and
  • The Firm’s Personal Data Incident Response Process and Business Continuity Plan that contain incident response plans for escalation and resolution of data breach incidents.

However, information transmitted on the Internet and/or stored on systems attached to the Internet is not 100% secure. As a result, we do not ensure, warrant or guarantee the security or integrity of such information.

C. California Privacy Rights. California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.


The performance of legal services or the other processing of your personal data may involve the transfer of certain personal data to or from third parties, including our third party service providers. If the Firm transfers personal data subject to the Privacy Shield Principles or the E.U. Standard Contractual Clauses to a third party, the recipient will have the same level of protection as required of the Firm under the Privacy Shield or the E.U. Standard Contractual Clauses, as applicable. In addition, all third party service providers engaged by the Firm are bound by contract to refrain from using any personal data for any purpose other than the provision of the given service for the Firm. The Firm is responsible and liable under the Privacy Shield Principles and the E.U. Standard Contractual Clauses for our third-party service providers processing personal data subject to the Privacy Shield Principles or E.U. Standard Contractual Clauses in a manner consistent with the Privacy Shield Principles or E.U. Standard Contractual Clauses, as applicable.

In addition to disclosures described above, we may disclose or transfer personal data to third parties in connection with, or during negotiations of, any merger, acquisition, spin-off, sale of company assets, subsidiary, any financing or any similar transaction. We may also disclose personal data to third parties in order to prevent damage or harm to us, our services or any person or property, if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by any public or governmental authority.

The Firm does not sell, trade or transfer personal data to third parties. However, the Firm may share personal data with its subsidiaries for the purposes of providing clients with information about our subsidiary’s service offerings. For example, the Firm may provide emails to its subsidiary or a third party service provider for direct email distribution of newsletters, on-line surveys, or notifications. 

Except as described in this Privacy Policy, we will not otherwise disclose personal data to any third parties unless you have been provided with an opportunity to opt in to such disclosure and, in the case of personal data collected from children, the appropriate verifiable consent is obtained.

If an individual wishes to opt out or limit the use and disclosure of their personal data to a third party or a use that is incompatible with the purpose for personal data was originally collected or authorized, the individual may send such request to[email protected]

When the Firm transfers personal data to countries other than the country where it was provided, we do so in compliance with applicable data protection laws, including, as applicable, the Privacy Shield Principles and E.U. Standard Contractual Clauses, as described below. We may transfer personal data from persons outside of the U.S. to third parties located either in the U.S. or otherwise; provided that transfers to the U.S. from the E.U. will comply with the E.U. Standard Contractual Clauses and transfers to the U.S. from Switzerland will comply with the Privacy Shield Principles.


A. Point of Contact for Complaints or Questions. Individuals have the ability to contact the Firm regarding any questions or concerns related to its collection or handling of their personal data.

Data Protection and Privacy Officer

By email at [email protected]

By mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.

B. Verification Procedures. On at least an annual basis, the Firm verifies its compliance with the Privacy Shield Principles through a self-assessment conducted in accordance with its Privacy Shield Self-Assessment Policy. If you would like further information about the Firm’s verification procedures, please contact the Firm’s Data Protection and Privacy Officer at [email protected]. The Firm recognizes that it must respond promptly to Department of Commerce inquiries.

C. Consequences of Non-ComplianceIn conjunction with its certification with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, the Firm uses Better Business Bureau (BBB) EU Privacy Shield as its Independent Recourse Mechanism (IRM), and by self-certifying with Privacy Shield, it is subject to the investigatory and enforcement authority of the Federal Trade Commission. 

In compliance with the Privacy Shield Principles, the Firm commits to resolve complaints about your privacy and our collection or use of your personal data. Individuals who reside in the E.U. or Switzerland with inquiries or complaints regarding this Privacy Policy should first contact the Firm’s Data Protection and Privacy Officer at [email protected], who will, in accordance with the Firm’s Personal Data Request Process, the Firm’s Personal Data Incident Response Process and the Firm’s Business Continuity Plan, as applicable, escalate it to the Incident Response Team (“IRT”) and/or directly to the Firm’s Management Committee, as applicable.

The IRT is chaired by the Data Protection and Privacy Officer and consists of the Firm’s Data Protection and Privacy Officer and representatives from the Firm’s Information Technology department, Human Resources team and Management Committee. Suspected and confirmed personal data security incidents will be investigated by the IRT. Such investigation will include, but will not be limited to, determining the source of the breach, identifying the types of data affected, determining whether notifications must be made and instituting any remedial measures that may be necessary to avoid similar incidents in the future.

The Firm has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

Under certain limited circumstances, E.U. or Swiss individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.


We may amend this Privacy Policy at any time. If we make any material changes in the way we collect, use, and/or share your personal data or to this Privacy Policy, we will notify you by prominently posting notice of the changes on the websites covered by this Privacy Policy. We encourage you to periodically review this page for the latest information on our Privacy Policy.


By email at [email protected]

By mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.

If you are a resident of a country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints to the Firm’s Data Protection and Privacy Officer, whose contact information is below:

Data Protection and Privacy Officer

By email at [email protected]

By mail at 600 Washington Avenue, Suite 2500, St. Louis, MO 63101 Attn: Data Protection and Privacy Officer.

We are committed and required to respond to any of your inquiries on this issue within one month of receiving the inquiry.

This Policy was last updated on July 27, 2020.

E.U. and Swiss Employee Data Privacy Policy