Home_Privacy Policy

Last Updated: May 1, 2026

Thompson Coburn LLP is committed to protecting your privacy. This Privacy Policy explains how the Firm collects, stores, uses, and discloses your personal information when you interact with us both online and offline.

Where this Privacy Policy Applies:

This Privacy Policy explains how the Firm collects, uses, and discloses information about you collected online and offline through websites (Websites), software applications made available by us for use on or through computers and mobile devices (Apps), social media platforms from which you are accessing this Privacy Policy (Social Networks), email messages we send to you that link to this Privacy Policy (Emails), SharePoint/Teams/other collaboration sites made available to our clients and third parties (Collaboration Sites), services we provide to our clients (Client Services), and any other offline business interactions you may have with us, such as when you visit our offices or attend our events (Offline Interactions).

Collectively, we refer to the Websites, the Apps, Social Networks, Emails, Collaboration Sites, Client Services, and Offline Interactions as the Services. Please note that in some cases we may provide separate or additional privacy notices. For example, we have a separate privacy policy that applies to the information we collect from our clients when providing certain legal services.

Please note that third-party platforms operate under their own privacy policies. Also, when you receive our emails, we may collect information about your interaction with them (for example, whether you opened the email or clicked a link), where permitted by law and your settings.

Where We Collect Information

We collect personal information from, you directly, your devices and browsers, social networks and third-party platforms, marketing emails, from service providers and partners, and publicly available sources and professional contacts.

We may combine information we receive from these sources—for example, we may use information from LinkedIn to update your contact details in our contact database.

Categories of Personal Information We Collect

The categories of personal information we collect depend on your relationship with the Firm. This information may include:

Former, Current, and Prospective Clients

When we provide client services to you, we may collect, use, store, and transfer the following categories of personal information:

  • Communications Data includes correspondence or messages (including emails, SMS, chat, or social media messages/comments) and other personal information you provide through these sources.
  • Contact Data includes your postal address, email address, and telephone number(s).
  • Identity Data includes your first name, last name, and title.
  • Professional Data includes information about your professional background, history of directorships, and media coverage.
  • Event Data includes details of events you attend and information you provide at events (including survey responses).
  • Marketing Data includes marketing and communication preferences.
  • Sensitive Personal Information may include information such as protected classification characteristics or certain financial information.

Online Services Users

When you interact with us though our website, social networks, and emails, we may collect, use, store, and transfer the following categories of personal information:

  • Communications Data includes correspondence or messages (including emails, SMS, chat, or social media messages/comments) and other personal information you provide through these sources.
  • Contact Data includes your postal address, email address, and telephone number(s).
  • Identity Data includes your first name, last name, and title.
  • Marketing Data includes marketing and communication preferences.
  • Technical Data means information automatically collected when you access or use the website or other online services, such as your device type, browser type and settings, operating system, IP address, approximate location derived from IP address, log data (including date/time of access and pages or features viewed), and diagnostic or performance data (such as error reports and crash logs).

If any of the above can reasonably be linked to you or your household, it is treated as personal information. We may use certain identifiers (including IP address) to help secure our systems, prevent fraud, and investigate suspicious activity, consistent with applicable law. See our Cookie Policy for more information.

Job Applicants

If you apply for a position with us, we may collect the following categories of personal information:

  • Application Data includes your job title, work history, and other information you provide in connection with your application.
  • Communications Data includes correspondence or messages (including emails, SMS, chat, or social media messages/comments) and other personal information you provide through these sources.
  • Contact Data includes your postal address, email address, and telephone number(s).
  • Identity Data includes your first name, last name, and title.
  • Sensitive Personal Information may include information such as protected classification characteristics or certain financial information.

Employees and Contractors

If you are an employee or contractor, in addition to the categories of personal information we collect from job applicants, we may collect the following categories of personal information related to and during your employment with us:

  • Financial Data such as bank account details.
  • Sensitive Personal Information during screening and intake, which may include pre-employment physical/medical questionnaires for job fitness; disability/medical accommodation information; or religious/philosophical beliefs (for accommodation purposes).

Where applicable, we provide the ability to limit certain uses and disclosures of Sensitive Personal Information, consistent with applicable law.

The above listed categories of personal information collected by us are consistent with our practices over the past 12 months.

Use of Personal Information

We may use the categories of personal information described above for the purposes below:

Former, Current, and Prospective Clients

We use personal information to:

  • Respond to and fulfill client requests, administer client files, provide legal services, manage our relationship, and contact individuals (including employees of institutional clients) in connection with providing client services
  • Validate authorized client signatories when concluding agreements and transactions.
  • Respond to inquiries and fulfill requests, provide requested information or services, send related communications (including confirmations and receipts).
  • Meet our legal and regulatory obligations, and operate, improve, and update you about our interactions

Online Services Users

We use personal information to:

  • Deliver and administer the websites, social network sites, and emails.
  • Monitor and analyze usage, trends, and activities; perform analytics and diagnostics; and improve performance and user experience.
  • Detect, prevent, and investigate suspicious activity and protect our systems (e.g., cybersecurity and abuse prevention).
  • Send newsletters, publications, legal updates, and information about seminars/events; and communicate with you about our services and firm news (subject to your preferences and applicable law).

Job Applicants

We use personal information to:

  • Assess applicants and make hiring decisions.
  • Conduct background and employment checks (as permitted by law).
  • Communicate with you about your application and the recruiting process.

Employees and Contractors

We use personal information to:

  • Administer accounts and access, and send administrative and support communications (e.g., technical notices, updates, security alerts).
  • Conduct audits to verify internal processes function as intended and comply with legal, regulatory, or contractual requirements.
  • Protect the health, safety, and vital interests of our personnel and others.
  • Monitor for fraud and security incidents, including detecting and preventing cyberattacks or identity theft.
  • Operate and improve internal systems and processes, including data analysis to improve efficiency.

Cross-Border Processing and Storage

We may process and store personal information in the United States and other countries, which may have data protection laws that differ from (and may be less protective than) the laws of your country of residence. This processing, including storage, may involve cross-border transfers of personal information as described in the Cross-Border Data Transfers section below.

Disclosure of Personal Information

We may share your personal information as follows or as otherwise described in this Privacy Policy:

  • With vendors, consultants, professional advisors, and other service providers working on our behalf to facilitate services they provide to us, such as providers of website hosting, consulting and monitoring related to the Services, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services related to meeting our clients’ legal needs. As our service providers are located around the world, please note that these disclosures may involve cross-border transfers of your personal information as described in the Cross-Border Data Transfers section below
  • To comply with applicable laws and regulations, which can include laws outside your country of residence
  • To cooperate with public and government authorities, which can include those outside your country of residence, by responding to a request or providing information
  • To cooperate with law enforcement, including by responding to law enforcement requests and orders or providing information
  • For other legal reasons, such as to enforce our terms and conditions and to protect our rights, privacy, safety, or property or that of our affiliates, you, or others
  • With the applicable state bar association, we may share your name and bar number in connection with an application for CLE credit
  • To third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)
  • For users of our collaboration sites, your name, contact information, and any content or materials you submit or post to that site may be shared with other users of the collaboration sites
  • With your consent or at your direction, including if we notify you that your personal information will be shared in a particular manner and you provide such personal information. We may also share your personal information with third parties when you intentionally direct us to do so or when you use our Services to intentionally interact with third parties. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.

The above list reflects our disclosures of personal information consistently with our practices in the past 12 months.

Data Retention

We retain personal information (including Sensitive Personal Information) only for as long as reasonably necessary and proportionate to achieve the purposes described in this Privacy Policy, unless a longer period is required or permitted by law (for example, to comply with legal obligations, maintain records, resolve disputes, enforce agreements, or establish, exercise, or defend legal claims). Where we cannot specify a precise period in advance, we determine retention based on the purpose and context of collection, the nature of our relationship with you, the sensitivity of the information, legal/regulatory/professional obligations, contractual/client requirements, security and fraud-prevention needs, and actual or anticipated disputes or legal holds.

  • Former, Current, and Prospective Clients: We generally retain each category of personal information in client/matter records for the duration of the engagement and thereafter as needed for legal, regulatory, and professional responsibility obligations, client instructions, conflicts/risk management, recordkeeping, and claims defense.
  • Online Services Users: We generally retain Technical Data for security/fraud prevention and service operation; Communications Data to manage and respond to interactions; Identity Data and Contact Data associated with inquiries/subscriptions while we maintain communications/relationship records; and Marketing Data until you opt out or we no longer maintain marketing records (while retaining limited information as needed to honor your preferences, such as opt-out status).
  • Job Applicants: We generally retain each category of personal information disclosed for recruiting and hiring administration, documentation of decisions, legal compliance, and claims defense.
  • Employees and Contractors: We generally retain each category of personal information disclosed for employment/engagement administration and as required for payroll/tax/benefits, health and safety, legal compliance, audit, and claims defense.

When personal information is no longer needed, we take reasonable steps to delete, de-identify, or anonymize it consistent with applicable law and our record retention policies; if a legal hold applies, we retain relevant information until the hold is lifted.

Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information we collect against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.

Despite these measures, no security controls are perfect and no method of transmission or storage can be guaranteed to be completely secure. You are responsible for taking reasonable steps to protect your account credentials and devices. If you have reason to believe that your interaction with us is no longer secure, please notify us using the contact information in the Contacting Us section below.

Cross-Border Data Transfers

Your personal information may be stored and processed in any country where we have facilities, provide legal services, or engage service providers. By using the Services, you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal information.

Use of Services by Minors

The Services are not intended for individuals younger than 18 years old, and we do not target our Services to or knowingly collect information from individuals under 13 years old.

Links to Other Websites and Third-Party Content

We may provide links to or embed videos hosted by third-party websites, services, and applications, such as YouTube, that are not operated or controlled by us. This Privacy Policy does not apply to third-party services, and we cannot take responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party service before providing any information to or through them. The Services may include an activity feed, social media button, or widget, such as the Facebook “Like” button, or similar. Your interactions with these features are governed by the privacy policy of the third-party service that provides the feature. We are not responsible for the collection, use, disclosure, or security practices or policies of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform, operating system provider, wireless service provider, or device manufacturer including regarding any Personal Information you disclose to other organizations through or in connection with the Apps or Our Social Media.

Privacy Rights and Related Choices

Marketing Communications.If you no longer wish to receive marketing-related emails from us going forward, you may opt out by following the unsubscribe instructions in any such emails or by contacting us at [email protected]. We will comply with your request as soon as reasonably practicable. If you opt out of receiving marketing communications from us, we may still send you nonmarketing communications, such as those about your account or our ongoing business relations.

Your Privacy Rights. Depending on your jurisdiction and subject to certain limitations, you may have the following rights with respect to the personal information we process about you:

Right to know. You may have the right to request information about our collection, use, and disclosure of your personal information, including: (i) the categories of personal information we collect; (ii) the categories of sources from which we collect it; (iii) the purposes for collecting, using, or disclosing it; and (iv) the categories of third parties to whom we disclose personal information (including whether we disclose it for business purposes or other purposes under applicable law).

Right to access and data portability. You may have the right to request access to the personal information we maintain about you, including a copy of the personal information we have collected about you. Where required by law and to the extent technically feasible, we will provide the information in a portable and readily usable format.

Right to Delete. You may have the right to request that we delete personal information we maintain about you, unless retention of that information is permitted or required under applicable law. If you request deletion of your personal information, we may deny your request or retain certain information if it is necessary for us or our service providers to:

  • complete the transaction or request for which the personal information was collected;
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;
  • debug to identify and repair errors that impair existing intended functionality;
  • exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided by law;
  • enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
  • comply with a legal obligation; or
  • otherwise use the personal information internally, in a lawful manner that is compatible with the context in which you provided the information.

Right to Correct. You may have the right to request correction of inaccurate personal information we maintain about you.

Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for exercising your privacy rights.

Exercising Your Rights

To exercise your rights as set out above, please contact us using the contact details described in the “Contacting Us” section, indicating the right you would like to exercise and that you are making the request under an applicable U.S. state privacy law.

To process your request, we may need to verify your identity. We will use reasonable methods to verify your identity based on the nature of the request and the information we maintain. If we cannot verify your identity from the information already maintained by us, we may request additional information that will be used only for verification, security, or fraud-prevention purposes.

Authorized Agents

Where permitted by law, you may have the right to use an authorized agent to submit a request on your behalf. We may require proof that the authorized agent has written permission signed by you, and we may also require you (as the consumer) to verify your identity directly with us and confirm that you provided the authorized agent permission to act on your behalf.

Timing and Appeals

We will make every effort to respond to your request within 45 days from when you contact us. If you have a complex request, the law may permit us to take longer to respond; if so, we will let you know within 45 days that we need additional time.

If we decline to take action on a request, we will inform you of our reasons for doing so and provide instructions on how to appeal the decision, where required. Depending on your state of residence, you may have the right to appeal within a reasonable period after receiving our decision. If you submit an appeal, we will inform you in writing of any action taken or not taken in response within the timeframe required by applicable law. If we deny your appeal, we will provide, where required, information on how to contact your state attorney general (or other regulator) to submit a complaint.

No Sale/Sharing; No Targeted Advertising. The Firm does not sell personal information or share personal information for cross-context behavioral advertising or targeted advertising, as those terms are defined under applicable U.S. state privacy laws.

Revisions and Updates to this Privacy Policy

We may change this policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy and, in some cases, we may provide you with additional notice (such as by adding a statement to our website home page or by sending an email notification). Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services after any changes means that you accept the revised Privacy Policy. We encourage you to review our Privacy Policy frequently to stay informed about our information practices and the choices available to you.

Contacting Us

Thompson Coburn LLPis the entity responsible for collection, use, and disclosure of your Personal Information under this Privacy Policy. If you have any questions about this Privacy Policy, please contact us. You can reach us at [email protected], toll-free at 866-903-0183,or at:

Thompson Coburn LLP

Attn: Risk Management

One US Bank Plaza

St. Louis, MO 63101

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

Automated Data Collection Technologies and Cookie Policy (“Cookie Policy”)

As you navigate and interact with our online services, we may use automated data collection technologies (“ADCT”) to collect certain information about your device and how you interact with our Online Services. Depending on the online service, this may include:

  • Technical Data: device and connection data, including IP address, device/browser type and settings, operating system, approximate location derived from IP address, log data (date/time), and diagnostic/performance data (e.g., error reports).
  • Usage Data (interaction data): information about how you use and navigate the Online Services, such as pages or features viewed, clicks, scrolling/activity signals, session duration, and referring/exit information.
  • Marketing Data: cookie consent and preference signals, and first-party measurement of communications/marketing engagement (e.g., whether an email was opened or a link was clicked where tracking is enabled).
  • Identifiers: online identifiers used to recognize a browser or device, such as cookie IDs, and similar unique identifiers.

Why We Collect It

We use ADCT to:

  • Operate and secure Online Services (e.g., load balancing, fraud/abuse detection, debugging, and system integrity).
  • Measure and improve performance and content (e.g., improve Online Services content, collect and process usage analytics and audience measurement).
  • Remember preferences (e.g., language and cookie choices).
  • Personalize your experience (e.g., content presentation and saved settings).

Technologies We Use

ADCT may include:

  • Cookies (browser cookies): small files stored on your browser that support core functionality (strictly necessary), preferences, performance/analytics, and—in some cases—contextual messaging.
  • Local storage and similar technologies: HTML5 local storage, session storage, and similar browser-based storage used for preferences and performance. (We do not use legacy Flash cookies.)
  • Pixels, tags, and web beacons: small code or image files that help measure interactions, count visits, and support system integrity. (Email pixels may also be used to measure email engagement for communications effectiveness.)
  • SDKs: Our Apps may use SDKs to collect diagnostic and usage information (e.g., crash logs and interaction events) to help us maintain and improve functionality and security. Where available, we enable privacy-protective settings and limit collection consistent with applicable law.
  • Session replay/heatmap tools: tools that record interactions to help diagnose issues and improve usability. We configure these tools to avoid capturing sensitive inputs.
  • Third-party analytics providers: providers that help us measure usage and improve Online Services. These providers may set cookies/tags and process information such as IP address and activity to provide reports to us. Where available, we enable privacy-protective settings. Please review each provider’s privacy disclosures to learn more and understand available choices.

Your Choices

  • Cookie controls: You can manage non-essential cookies via our cookie banner or settings tool (where available). You can also control cookies through your browser settings. Blocking some cookies may affect Online Services functionality.
  • Mobile device controls: You may be able to limit certain data collection through your device settings (e.g., restricting app permissions or limiting analytics/diagnostic sharing)