Privacy Policy

Bridgewell is an independent business advisory practice based at Schweizerhofquai 4, 6004 Luzern, Switzerland. We take the privacy of clients, prospective clients and website visitors seriously. This policy applies to personal data we receive through our website, through email correspondence, and during the course of our consulting engagements.

We act as data controller under the Swiss Federal Act on Data Protection (revFADP, in force since September 2023) and, where applicable, under the European General Data Protection Regulation. For any question regarding this policy, please write to [email protected].

We try to collect only what we genuinely need. Categories of personal data we may hold:

Through this website

• Contact form submissions — your name, email address, telephone number (if provided), and the message you write to us.
• Technical data collected by our hosting provider for security and reliability — IP address, browser type, pages visited, timestamps.
• Cookie data, where you have given consent. See section 5 below and our Cookie Policy.

During an engagement

• Professional contact details for you and, where relevant, members of your team.
• Information shared during interviews, observation sessions or written exchanges in the course of advisory work.
• Billing details — registered company name, address, VAT number where applicable.

Legal basis for processing

• Consent — for marketing communications and non-essential cookies.
• Contract — to deliver the engagement you have asked us to deliver.
• Legitimate interest — to respond to enquiries, secure our website, and maintain professional records.
• Legal obligation — to keep accounting records as required by Swiss tax and commercial law.

Retention periods

• Contact-form enquiries that do not become engagements — held for up to 12 months, then deleted.
• Engagement records and correspondence — held for 10 years from the close of the engagement, as required under Swiss commercial law.
• Server logs — held for 90 days.
• Marketing consent records — held while consent remains active, and 24 months after withdrawal.

The information you share with us is used for the following purposes:

• To reply to your enquiry and discuss whether an engagement might be appropriate.
• To deliver the engagement we have agreed — preparing briefs, conducting interviews, sitting in on meetings, writing memos.
• To send invoices and maintain accounting records as required by Swiss law.
• To improve our website and understand how visitors find and use it (only where analytics cookies have been accepted).
• To meet legal obligations, including responding to lawful requests from competent authorities.

Sharing with third parties

We do not sell personal data, ever. We share personal data only with:

• Our hosting provider, which stores website data on servers located within Switzerland or the European Economic Area.
• Our accountant in Lucerne, who processes invoices on our behalf under a written confidentiality agreement.
• Email and calendar service providers used in the ordinary course of correspondence.
• Public authorities, where we are required to do so by Swiss law.

Stakeholder Alignment Memos

Interviews conducted as part of a Stakeholder Alignment Memo engagement are anonymised in the written deliverable. Raw notes are accessible only to the consultant carrying out the work and are destroyed within 30 days of the memo being delivered to the client. We treat the contents of these interviews as professionally confidential.

We apply technical and organisational measures appropriate to the nature of advisory work:

• Website traffic is encrypted in transit using TLS 1.3.
• Files relating to engagements are stored on encrypted volumes accessible only to the consultant assigned to the work.
• Email accounts are protected by multi-factor authentication.
• Paper notes from observation sessions are kept in a locked cabinet at our Lucerne office and shredded when no longer needed.
• We review our access controls and retention practices annually.
• In the event of a data breach affecting personal data, we will notify the Federal Data Protection and Information Commissioner and, where required, affected individuals, within the timeframes set by applicable law.

This website uses a small number of cookies. Essential cookies are required for the site to function and are set automatically. Analytics, marketing and preference cookies are set only with your consent, given through the cookie banner displayed on your first visit.

You can review and change your choices at any time on our Cookie Policy page, where each category is described and can be toggled on or off.

Subject to applicable law, you have the following rights regarding your personal data:

• Right of access — to know what personal data we hold about you and how it is processed.
• Right to rectification — to ask us to correct inaccurate or incomplete data.
• Right to erasure — to ask us to delete data where it is no longer needed and no legal obligation requires us to keep it.
• Right to data portability — to receive your data in a structured, commonly used format.
• Right to object — to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
• Right to lodge a complaint — with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland, or with your local supervisory authority in the European Economic Area.

To exercise any of these rights, please write to [email protected]. We respond to requests within 30 days, and we may ask you to verify your identity before we share or change data.

Our site occasionally links to third-party resources — for example to a public-domain map, a published article, or a professional body. Those sites have their own privacy practices, over which we have no control. We encourage you to read the privacy policy of any external site before sharing personal data with it.

Our services are addressed to business and professional users aged 18 or older. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete the information promptly.

We may revise this policy from time to time, for instance to reflect changes in our practices or in applicable law. The "last updated" date at the top of the page indicates when the current version came into effect. Where changes are substantive, we will draw them to your attention through a notice on our website or, where appropriate, by email.

Bridgewell
Schweizerhofquai 4
6004 Luzern
Switzerland

Email: [email protected]
Telephone: +41 41 386 74 29