Privacy Policy
We have prepared this privacy policy to explain, in accordance with the General Data Protection Regulation (EU) 2016/679 and applicable national law, which personal data we process as the controller, which data the processors we engage handle on our behalf, which data we intend to process in future, and what lawful options are available to you. All terms used are to be understood as gender-neutral.
Scope
This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies we engage as processors. By personal data we mean information within the meaning of Article 4(1) GDPR, such as a person's name, email address, and postal address.
The scope of this privacy policy covers:
- all online presences (websites) we operate
- social media presences and email communication
- contact forms and other digital communication channels
Legal bases
We process your data only where at least one of the following conditions applies:
- Consent (Article 6(1)(a) GDPR): you have given us your consent to process data for a specific purpose.
- Contract (Article 6(1)(b) GDPR): processing is necessary to perform a contract or to take steps prior to entering into a contract.
- Legal obligation (Article 6(1)(c) GDPR): we are subject to a legal obligation that requires the processing.
- Legitimate interests (Article 6(1)(f) GDPR): processing is necessary to protect our legitimate interests, provided your fundamental rights do not override them.
In addition to the GDPR, the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) applies in Germany.
Contact details of the controller and the data protection officer
Controller
Andreas Bader
objective partner AG
Bergstraße 45/1
69469 Weinheim, Germany
Email: info@corenate.com
Data protection officer
Oliver Wilkening
objective partner AG
Bergstraße 45/1
69469 Weinheim, Germany
Email: datenschutz@objective-partner.com
Phone: +49 174 341 43 95
Legal notice (Impressum): https://objective-partner.de/impressum/
Retention period
We store personal data only for as long as is strictly necessary to provide our services and products. This means we delete personal data as soon as the reason for processing it no longer applies. In some cases we are legally required to retain certain data beyond the original purpose, for example for accounting purposes (retention obligation of six to ten years under the German Commercial Code and Fiscal Code).
Should you wish your data to be deleted, or should you withdraw your consent to processing, the data will be deleted as swiftly as possible, provided no retention obligation applies.
Your rights under the GDPR
Under Articles 13 and 14 GDPR you have the following rights:
- Right of access (Article 15 GDPR): you have the right to know whether and which of your data we process.
- Right to rectification (Article 16 GDPR): you may request that inaccurate data be corrected.
- Right to erasure (Article 17 GDPR): you may request the erasure of your data (the "right to be forgotten").
- Right to restriction of processing (Article 18 GDPR): you may request that we only store your data and process it no further.
- Right to data portability (Article 20 GDPR): you may request your data in a commonly used format.
- Right to object (Article 21 GDPR): you may object at any time to the processing of your data based on legitimate interests.
- Right to lodge a complaint (Article 77 GDPR): you may lodge a complaint with the competent data protection supervisory authority at any time.
Competent supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
(State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg)
Königstraße 10a, 70173 Stuttgart, Germany
Phone: +49 711 61 55 41-0
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/
Data transfers to third countries
We transfer or process data in countries outside the EU (third countries) only where you have consented to such processing, where it is required by law, or where it is contractually necessary. Where third country transfers take place, they are based on appropriate safeguards, such as the EU Standard Contractual Clauses under Article 46 GDPR, or on an adequacy decision of the European Commission.
Please note: HubSpot, Inc. (USA) is our hosting and CRM provider. HubSpot is certified under the EU-US Data Privacy Framework. We have entered into a data processing agreement with HubSpot in accordance with Article 28 GDPR. Data transfers to the USA take place on the basis of the EU Standard Contractual Clauses.
Security of processing
To protect personal data we have implemented both technical and organisational measures (TOMs). Our website is operated exclusively over HTTPS (TLS encryption), so that data transmitted between your browser and our web server is encrypted.
Website hosting via HubSpot
This website is hosted and operated via HubSpot.
Provider: HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA
EU establishment: HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland
Privacy policy: https://legal.hubspot.com/privacy-policy
When you access our website, HubSpot automatically records technical data and stores it in server log files. This includes:
- the IP address of the requesting device (anonymised where applicable)
- date and time of access
- name and URL of the file retrieved
- browser type and version
- operating system
- referrer URL (the page visited previously)
This data is processed to ensure the technical operation of the website. It is not combined with other data sources.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the website)
HubSpot also sets strictly necessary cookies on our website that are required for the site to function, for example to store language settings or session data. These cookies do not require consent.
We have entered into a data processing agreement with HubSpot in accordance with Article 28 GDPR.
Cookies
What are cookies?
Our website uses HTTP cookies to store user-specific data. Cookies are small text files stored in your browser by our website.
Cookiebot (consent management)
We use Cookiebot by Usercentrics as our consent management platform (CMP) to obtain, document, and manage your cookie consent in a legally compliant manner.
Provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark
Privacy policy: https://www.cookiebot.com/en/privacy-policy/
Cookiebot sets a strictly necessary cookie (CookieConsent) in which your consent decision is stored. This cookie contains:
- the date and time of consent
- a unique consent ID
- the consent categories you selected (Necessary, Preferences, Statistics, Marketing)
This cookie is strictly necessary in order to document your consent decision in a verifiable way (accountability under Article 5(2) GDPR). It is set without separate consent.
Legal basis: Article 6(1)(c) GDPR (legal obligation to document consent) and Article 6(1)(f) GDPR (legitimate interest in being able to demonstrate consent)
You can withdraw or change your consent at any time via the cookie banner ("Withdraw your consent" / "Change your consent").
Which cookie categories do we use?
We distinguish between the following categories:
- Necessary: these cookies are strictly required for the website to operate. They are set without consent. Legal basis: Article 6(1)(f) GDPR.
- Preferences: cookies that store your settings, for example your language selection. Legal basis: Article 6(1)(a) GDPR (consent).
- Statistics: cookies used to analyse user behaviour, for example HubSpot Analytics. Legal basis: Article 6(1)(a) GDPR (consent).
- Marketing: cookies used for advertising and retargeting. Legal basis: Article 6(1)(a) GDPR (consent).
The first time you visit our website you will be asked for your consent via the Cookiebot banner. You can withdraw or adjust your consent at any time.
Managing and deleting cookies
You can manage, disable, or delete cookies in your browser settings at any time:
Contact form and getting in touch
If you contact us via our contact form or by email, the data you provide (for example your name, email address, and message) is processed and stored in order to handle your enquiry.
This data is not passed on to third parties without your consent. The data is deleted once the matter has been concluded, provided no statutory retention obligations apply.
Legal bases:
- Article 6(1)(a) GDPR (consent)
- Article 6(1)(b) GDPR (steps prior to entering into a contract, or performance of a contract)
- Article 6(1)(f) GDPR (legitimate interest in professional communication)
Contact enquiries are processed and stored via HubSpot CRM. The data processing agreement concluded with HubSpot applies.
Demo requests
If you request a demo via our website, the data you enter (for example your name, company, email address, and details of your setup) is processed in order to prepare and carry out the demo and to contact you.
Legal basis: Article 6(1)(b) GDPR (steps prior to entering into a contract) and Article 6(1)(f) GDPR (legitimate interest)
Newsletter
Where we offer a newsletter, we process your email address and, where applicable, your name solely on the basis of your express consent (double opt-in procedure). You can unsubscribe from the newsletter at any time. The unsubscribe link is included in every newsletter email.
Legal basis: Article 6(1)(a) GDPR (consent)
Newsletters are sent and managed via HubSpot.
HubSpot Analytics and tracking
Where you have consented to the use of analytics and tracking functions, HubSpot uses cookies and similar technologies to analyse user behaviour on our website, for example page views, time on page, and click paths. The data is processed via EU servers (js-eu1.hs-analytics.net, track-eu1.hubspot.com, js-eu1.hs-banner.com, js-eu1.hsadspixel.net, js-eu1.hscollectedforms.net, js-eu1.hubspot.com, perf-eu1.hsforms.com).
Provider: HubSpot Ireland Limited, 1 Sir John Rogerson's Quay, Dublin 2, Ireland
Privacy policy: https://legal.hubspot.com/privacy-policy
Cookie category: Statistics and Marketing
Legal basis: Article 6(1)(a) GDPR (consent)
You can withdraw your consent at any time via our cookie banner.
LinkedIn Insight Tag
The LinkedIn Insight Tag is integrated into our website (px.ads.linkedin.com, snap.licdn.com). It allows us to measure the effectiveness of LinkedIn campaigns (conversion tracking) and to build audiences for retargeting on LinkedIn.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Cookie category: Marketing
Third country transfer: LinkedIn may also process data in the USA. LinkedIn is certified under the EU-US Data Privacy Framework.
Legal basis: Article 6(1)(a) GDPR (consent)
You can object to data processing by LinkedIn at: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Google services
Google Tag Manager
We use Google Tag Manager (www.googletagmanager.com). Google Tag Manager is a tool that allows us to manage tracking and analytics scripts centrally and integrate them into our website. Google Tag Manager itself sets no cookies and processes no personal data. It does, however, trigger other tags which may themselves collect data.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
Legal basis: Article 6(1)(f) GDPR (legitimate interest in efficient tag management)
Google Ads and DoubleClick
We use Google Ads with conversion tracking (googleads.g.doubleclick.net, www.google.com, www.google.de). This allows us to measure whether users have carried out a particular action on our website after clicking a Google ad, for example requesting a demo. It also enables remarketing, meaning targeted advertising to website visitors on Google.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy
Cookie category: Marketing
Third country transfer: Google may process data in the USA. Google is certified under the EU-US Data Privacy Framework. EU Standard Contractual Clauses (Article 46 GDPR) are used in addition.
Legal basis: Article 6(1)(a) GDPR (consent)
You can deactivate personalised advertising from Google at: https://adssettings.google.com
External JavaScript libraries (CDN)
Our website loads technical helper libraries from external content delivery networks (CDN). In doing so, your IP address may be transmitted to the respective CDN provider.
Cloudflare CDN (cdnjs.cloudflare.com)
We load the Tiny Slider JavaScript library via the Cloudflare CDN. Tiny Slider is a purely presentational library (slider functionality) and processes no personal data. When the library is loaded, however, your IP address is transmitted to Cloudflare.
Provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA
Privacy policy: https://www.cloudflare.com/privacypolicy/
Third country transfer: USA. Cloudflare is certified under the EU-US Data Privacy Framework.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in the efficient and fast operation of the website)
unpkg.com (AOS, Animate On Scroll)
We load the AOS (Animate On Scroll) JavaScript library via the unpkg.com CDN. AOS is a purely presentational library for scroll animations and processes no personal data. When the library is loaded, your IP address is transmitted to the CDN provider.
Provider: unpkg.com is operated by Cloudflare.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in the efficient operation of the website)
Please note: we are reviewing whether these external CDN resources can be replaced by locally hosted libraries in the medium term, in order to minimise third country transfers.
Social media and LinkedIn
We maintain presences on social networks, in particular on LinkedIn. If you visit our social media profiles, the privacy terms of the respective provider apply. For LinkedIn, the responsible entity is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We point out that LinkedIn also processes user data in the USA. LinkedIn is certified under the EU-US Data Privacy Framework.
LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy
Processors
We engage the following processors, with whom we have concluded data processing agreements in accordance with Article 28 GDPR:
| Provider | Purpose | Location |
|---|---|---|
| HubSpot, Inc. | Website hosting, CRM, email, forms, analytics, tracking | USA (EU establishment: Ireland) |
| Usercentrics A/S (Cookiebot) | Consent management (cookie consent) | Denmark |
| Google Ireland Limited | Google Tag Manager, Google Ads, conversion tracking | Ireland, and USA where applicable |
| LinkedIn Ireland Unlimited Company | LinkedIn Insight Tag, conversion tracking, retargeting | Ireland, and USA where applicable |
| Cloudflare, Inc. | CDN (Tiny Slider, AOS library) | USA |
Changes to this privacy policy
We reserve the right to amend this privacy policy if legal requirements or our data processing practices change. The current version is always available on our website. We recommend reviewing this privacy policy regularly.
Last updated: July 2026
This is a translation of the German original, provided for information purposes. In the event of any discrepancy, the German version prevails.