Legal

Privacy Policy

Effective 15 June 2026 · Governing law: Switzerland · Contact: bastian@bastiangugger.com

This policy explains what personal data is collected when you visit bastiangugger.com, why it is collected, who it is shared with, and the rights you have over it. It is written for visitors everywhere, with specific protections for people in the EU and EEA (under the GDPR), in Switzerland (under the revised Federal Act on Data Protection, the nFADP), and in California (under the CCPA/CPRA).

01Who is responsible for your data

The data controller for this website is Bastian Gugger, based in Switzerland. The controller decides why and how your personal data is processed.

Controller: Bastian Gugger
Email: bastian@bastiangugger.com

If you have any question about your data or want to exercise a right described below, email the address above and your request will be handled directly.

02What data is collected

The data collected depends on how you use the site. It falls into the following categories.

Information you give directly

Identity and contact details such as your name and email address, when you take the quiz, join the email list, or submit an application.
Quiz answers that you select while taking the Core Pattern quiz, used to generate your result.
Application answers that you write when applying for Private Work, including the free-text reflections in the application form.
Booking details that you provide when you schedule a call (your name, email, chosen time, and any notes), handled through Calendly.

Information collected automatically

Technical and device data such as your IP address, browser type, device type, operating system, referring page, and the pages you view. This is standard web-server and platform data.
Cookies and similar technologies, including the Meta Pixel and its associated identifiers, and analytics measurement. Non-essential cookies are only set after you give consent. See the Cookies section below.

This site is not intended to collect special categories of data (for example, health or sensitive data). Please do not include sensitive personal details in free-text fields beyond what is necessary.

03Why your data is used, and the legal basis

Your data is only used for clear, limited purposes. For visitors in the EU, EEA, and Switzerland, each purpose has a lawful basis under the GDPR and the nFADP.

To run the quiz and show your result

Basis: performance of a service you requested (contract), and your consent where you also ask to receive your result by email.

To send emails you asked for

Basis: consent. You can withdraw it at any time using the unsubscribe link in any email, or by emailing the contact above. Withdrawing consent does not affect processing that already happened.

To process applications and book calls

Basis: steps taken at your request before entering into a contract, and the performance of that contract if you proceed.

To send transactional and administrative messages

Basis: legitimate interest and contract, for example confirming an application was received or replying to your enquiry.

To measure and improve the site, and to measure advertising

Basis: consent for analytics and marketing cookies and pixels (including the Meta Pixel and Conversions API). Where measurement does not rely on cookies or tracking, the basis is legitimate interest in understanding and improving the service. Nothing in the analytics or marketing category runs before you consent.

To keep the site secure and meet legal duties

Basis: legitimate interest in protecting the site against abuse, and compliance with legal obligations where they apply.

04Who your data is shared with

Your data is never sold. It is shared only with the service providers (processors) needed to run the site and the work, and only for the purposes above. Each processor acts under a contract and is named here so you know exactly who is involved.

Kit (formerly ConvertKit) — email marketing and list management. Stores your name, email, quiz/application tags, and email engagement.
Calendly — call scheduling. Stores your name, email, chosen time, and any booking notes.
Resend — transactional email delivery, used to send administrative notifications (for example, that an application was received).
Meta Platforms (Facebook/Instagram) — the Meta Pixel and Conversions API, used to measure and improve advertising. Only active after you grant marketing consent.
Vercel — website hosting and content delivery, which processes technical and server-log data needed to serve the site.

Data may also be disclosed where required by law, to establish or defend legal claims, or as part of a business transfer, in which case it would remain protected under terms consistent with this policy.

05International data transfers

Several of the providers above are based in the United States or operate globally, so your data may be processed outside Switzerland and the EEA. Where data leaves Switzerland or the EEA, it is protected by an appropriate safeguard recognised under the GDPR and the nFADP.

Transfers to countries the European Commission or the Swiss authorities recognise as providing adequate protection rely on that adequacy decision.
Other transfers, including to US-based processors, rely on the European Commission Standard Contractual Clauses (SCCs) and the equivalent Swiss safeguards, together with additional measures where needed.

You can request a copy of the relevant safeguard by emailing the contact above.

06How long your data is kept

Data is kept only for as long as it is needed for the purpose it was collected, or as long as the law requires.

Email subscribers: until you unsubscribe or ask to be removed, after which your record is deleted or anonymised within a reasonable period.
Quiz and application answers: for as long as needed to respond to you and to deliver the work, and then deleted or anonymised when no longer needed.
Booking data: for the period needed to schedule, hold, and follow up on the call.
Technical and analytics data: for a limited period consistent with the provider settings and applicable law.
Records needed for legal or accounting reasons: for the retention period the law requires.

07Your rights over your data

If you are in the EU, EEA, or Switzerland, you have the following rights. Many of these also apply to visitors elsewhere as a matter of practice.

Access — ask whether your data is processed and get a copy of it.
Rectification — ask to correct data that is wrong or incomplete.
Erasure — ask to delete your data where there is no overriding reason to keep it.
Restriction — ask to limit how your data is used in certain cases.
Portability — receive the data you provided in a portable format, or have it sent to another controller where technically feasible.
Objection — object to processing based on legitimate interest, including profiling, and object to direct marketing at any time.
Withdraw consent — withdraw any consent you gave, at any time, without affecting prior lawful processing.

To exercise any of these, email bastian@bastiangugger.com. Your request will be answered within the timeframe the law allows, and your identity may need to be verified first.

Lodging a complaint

You can complain to a supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch. In the EU or EEA you can contact the data protection authority in your country of residence. We would appreciate the chance to address your concern directly first.

08Notice for California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information is collected and why, to request access to or deletion of that information, to correct inaccurate information, and to opt out of any sale or sharing of personal information.

Your personal information is not sold. Some advertising cookies (such as the Meta Pixel) may be considered sharing for cross-context behavioural advertising under California law. These only run after you give marketing consent, and you can withdraw that consent at any time using the cookie settings link in the footer, which serves as your opt-out. You will not be discriminated against for exercising any of these rights.

To make a request, email bastian@bastiangugger.com.

09Cookies and tracking

Cookies are small files stored on your device. This site uses essential cookies that are always needed for it to function and to remember your privacy choice. It also uses optional analytics and marketing cookies, including the Meta Pixel and Conversions API, which only run after you allow them.

When you first visit, a banner lets you accept all, reject everything non-essential, or choose by category. You can reopen these choices anytime using the Cookie settings link in the footer. Until you consent, no analytics or marketing cookies are set and no advertising pixel fires.

10Children

This site and the work it describes are intended for adults and are not directed at children. Data is not knowingly collected from anyone under 16. If you believe a child has provided personal data, contact the address above and it will be deleted.

11How your data is protected

Reasonable technical and organisational measures are used to protect your data, including encryption in transit, access controls, and working with reputable processors that maintain their own security standards. No method of transmission or storage is completely secure, but your data is handled with care and only kept as long as needed.

12Changes to this policy

This policy may be updated from time to time. When it changes, the effective date at the top will be updated, and material changes will be communicated where appropriate. The effective date of this version is shown at the top of the page.

Questions about this policy can be sent to bastian@bastiangugger.com.