Last updated 25.08.2025

Privacy policy
of CS Company Shield GmbH

The protection of your privacy is very important to us and we want you to feel safe on our website.

This Privacy Policy applies to all website visitors, applicants, interested parties and customers whose personal data is provided to us in connection with the website visit, an application (via the website or otherwise) or the execution or initiation of a business relationship, insofar as we process personal data for our own purposes. We are the controller in relation to the processing of the personal data listed in this Privacy Policy.

When providing our services to our customers, we process personal data solely on their instructions and act as their data processor. In such cases, our customers remain the data controllers responsible for your personal data. For detailed information about this processing, please contact them directly. The following Privacy Policy is only in relation to our website whereby we act as the controller.

The aforementioned personal data is information that relates to an identified or identifiable natural person (hereinafter "data subject"). This includes in particular your name and your e-mail address, but also data about your use of our website (e.g. your IP address), etc.

Below we inform you about the type, scope and purpose of the personal data processed by us and inform you about the rights to which you are entitled as a data subject.

1. Name and address of the responsible party

The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

CS Company Shield GmbH
Max-Urich-Straße 3, AI Campus
13355 Berlin
Germany

Managing Directors: Tom-Christopher Müller, Julius Muth
Email: info@company-shield.de
Phone: +49 152 2473 4131

2. Name and address of data protection officer

The data protection officer of the controller is:

Tom-Christopher Müller
CS Company Shield GmbH
Max-Urich-Straße 3, AI Campus
13355 Berlin
Germany
Email: datenschutz@company-shield.de

3. Type of personal data, purposes of processing, legal basis (in the case of processing by us via the website and outside the website)

3.1 Website visit for informational purposes
If you visit our website for information purposes only, without actively providing personal data, we only store access data in so-called server log files. This includes:

  • the name of the requested file,
  • date and time of the request,
  • the amount of data transferred,
  • browser used,
  • operating system used,
  • IP address,
  • requested URL,
  • referrer URL (URL that you visited immediately before) and
  • the requesting provider

The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable you to access our website.The personal data listed is automatically collected by our IT systems when you visit our website. Without the processing of personal data (in particular the IP address) for the duration of the session, the website may not be displayed or may only be displayed to a limited extent.

3.2 Website form
On our website, we provide information that enables you to contact us quickly by electronic means and to communicate with us directly. This primarily includes our contact forms. If you contact us by email or using the contact form, the personal data you provide will be stored automatically.
In doing so, we generally process the following personal data from you:

  • First and last name,
  • E-mail address,
  • Company/employer,
  • Telephone number, if applicable, and
  • Personal data contained in your individual contact message.

We use the personal data you provide exclusively for processing your specific inquiry. Your information may be stored in a customer relationship management system (so-called CRM system) or another organizational tool for customer data.The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with you has ended or a concluded contract is terminated and the data is no longer required.The legal basis depends in this respect on the information that you provide to us when contacting us in the course of sending an email, the contact form or a message. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. If contact is made for other purposes, the legal basis is Art. 6 para. 1 lit. f GDPR.

3.3 Data collection and use for contract processing
In order to initiate or execute the contractual relationship with you, the processing of certain personal data is unavoidable. In connection with the execution of the contract, including any registration within the scope of our awareness building services, we process the following personal data in particular:

  • Name,
  • Company name,
  • Business address,
  • E-mail address,
  • Telephone number and
  • Documents or texts sent by you that contain personal data

and all data necessary for the processing of payments and for the prevention of fraud, in particular

  • Credit card or debit card numbers,
  • any security codes and
  • other billing information.

Insofar as we use this personal data (i) to coordinate the planning, execution, control and administration of your contractual relationship with us, (ii) to provide you with information about your registration or how to make changes in our system or (iii) to carry out payment transactions, the legal basis for these processing operations is Art. 6 (1) lit. b GDPR. 

If, on the other hand, the personal data is used for the settlement of disputes, the enforcement of the contractual agreement and the establishment, exercise or defense of legal claims, the legal basis for this processing is Art. 6 para. 1 lit. b or f GDPR, depending on the claims.

If you have submitted your data for the purpose of initiating a contractual relationship, we may pass it on to our sales partners if they are suitable for your segment. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.

We collect personal data in connection with the performance of the contract directly from you by providing the personal data yourself when ordering/registering.

After complete processing of the contract, your data will be blocked for further use and deleted after expiry of the statutory retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you below.

3.4 Interviews for product research and development
Users of our platform services can voluntarily participate in interviews. We use the data collected during interviews for internal purposes in order to further improve our products and services. We may group the results with the answers of other participants in order to share interview results internally. Video recordings and/or audio recordings will only be made if you have consented to this. We delete video recordings after 12 months and all other personal interview data after two (2) years.

The legal basis for storing data in the context of videos is your consent pursuant to Art. 6 (1) lit. a GDPR.

3.5 Google Ads Lead Form Extensions

We use the Google Ads lead form extension service to give you the opportunity to contact us directly via our ads placed on Google Ads. If you provide personal data, this will be stored by Google for 30 days.The legal basis here is primarily your consent pursuant to Art. 6 (1) lit. a GDPR. If your contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.

4. Data Protection Mechanisms

At revel8, we prioritize the security of your personal data, including sensitive information used in our cybersecurity simulations. We implement the following measures to ensure your data is protected:

  • Encryption: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher. Sensitive data, such as payment information, is encrypted at rest using AES-256 encryption to prevent unauthorized access.
  • Access Controls: Access to sensitive data is strictly limited to authorized personnel only. We employ role-based access controls and require multi-factor authentication (MFA) for systems handling sensitive information.
  • Data Minimization: We collect and process only the data necessary for the purposes outlined in this policy.
  • No AI Training with User Data: We do not use your personal data to train artificial intelligence models. Your information is used solely for the purposes specified in this policy—such as contract execution, customer support, or cybersecurity simulations—and is never repurposed for AI development.
  • Incident Response: In the rare event of a data breach, we maintain a comprehensive incident response plan to mitigate impacts swiftly and notify affected individuals as required by law.
  • Employee Training: All staff receive regular training on data protection and security best practices to ensure responsible handling of your data.


5. Use of cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called “cookies” on our website. These are small text files that are stored on your terminal device.

Cookies enable us, for example, to track and determine your preferences and to identify you individually during a visit to our website. At the end of the browser session, most of the cookies we use are deleted again ("session cookies"). Persistent cookies, on the other hand, remain on your device and enable us, for example, to recognize you on your next visit or to analyze your usage behavior.

5.1 What is a cookie?
Cookies are small text files sent by us to your computer or mobile device, which enable CS Company Shield GmbH features and functionality. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

5.2 Does CS Company Shield GmbH use cookies?
Yes. CS Company Shield GmbH uses cookies and similar technologies like single-pixel gifs and web beacons. CS Company Shield GmbH uses both session-based and persistent cookies. CS Company Shield GmbH sets and accesses cookies on the domains operated by CS Company Shield GmbH and its corporate affiliates (collectively, the “Sites”). In addition, CS Company Shield GmbH uses third party cookies that can be reviewed in the Cookie Tables.

5.3 How is CS Company Shield GmbH using cookies?
Some cookies are associated with your account and personal information to remember that you are logged in and which workspaces you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things.
Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that is consistent with your settings. Cookies also make your interactions faster and more secure. Visit our Cookie Tables to learn more.

5.4 Categories of use

  • Personalization/Preference: If you're signed into the Services, cookies help CS Company Shield GmbH show you the right information and personalize your experience.
  • Marketing: CS Company Shield Gmbh may use cookies to help deliver marketing campaigns and track their performance (e.g., a user visited revel8.ai and then booked a demo). Similarly, CS Company Shield GmbH’s partners may use cookies to provide us with information about your interactions with their services, but use of those third-party cookies would be subject to the service provider’s policies.
  • Performance, Analytics, and Research: Cookies help CS Company Shield GmbH learn how well the Sites and Services perform. CS Company Shield GmbH also uses cookies to understand, improve, and research products, features, and services, including to create logs and record when you access our Sites and Services from different devices, such as your work computer or your mobile device.
  • Product functionality: CS Company Shield GmbH uses certain cookies within the Services to enable secure and reliable product functionality. These cookies are essential for core features such as user authentication and session management. Without these cookies, the Services may not function properly. A detailed list of these cookies can be provided to all of our customers who are using our products with such cookies in the form of a cookie policy. 

5.5 What third-party cookies does CS Company Shield GmbH use?
You can find a list of the third-party cookies that CS Company Shield GmbH uses on our sites along with other relevant information in the Cookie Tables. CS Company Shield GmbH does its best to keep this table updated, but please note that the number and names of cookies, pixels, and other technologies may change from time to time.

5.6 How are cookies used for advertising purposes?
Cookies and other ad technology such as beacons, pixels, and tags help CS Company Shield GmbH market more effectively to users that may be interested in the Services. They also help with aggregated auditing, research, and reporting.

5.7 What can you do if you don't want cookies to be set or want them to be removed?
You have the option to disable and delete cookies that may not be necessary for the basic functionality of our website. Please note, blocking categories may impact your experience on our website. You may access the Cookie Manager at any time in the footer of our website and in the bottom left corner of your screen.

5.8 Does CS Company Shield GmbH respond to Do Not Track Signals?
Our website respects "Do Not Track" (DNT) signals sent by your browser. If your browser setting indicates that you do not wish to be tracked, we will honor this preference and will not set non-essential cookies (such as analytics or marketing cookies) unless you explicitly consent to them. This ensures that your privacy preferences are respected in accordance with applicable data protection standards.

5.9 Does CS Company Shield GmbH use cookies?
Yes. CS Company Shield GmbH uses cookies and similar technologies like single-pixel gifs and web beacons. CS Company Shield GmbH uses both session-based and persistent cookies. CS Company Shield GmbH sets and accesses cookies on the domains operated by CS Company Shield GmbH and its corporate affiliates (collectively, the “Sites”). In addition, CS Company Shield GmbH uses third party cookies that can be reviewed in the Cookie Tables.

6.1 Cookie tables

6.1 Does Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but that will cause some parts of the site to not work. These cookies do not store any personally identifiable information.

6.2 Performance Cookies
These cookies collect information like which pages are visited most, how users navigate the site, and if they encounter any errors. The data is aggregated and anonymized, helping us improve website functionality, usability, and overall performance.These cookies do not collect personal information that directly identifies individuals. However, from time to time, third-party performance cookies may be present. CS Company Shield GmbH makes every effort to review these cookies but does not share personal data with those third parties.

To view an overview of the privacy of your Google Analytics cookies please go here: https://support.google.com/analytics/answer/6004245.

You may install a Google Analytics opt-out browser add-on by going here: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

6.3 Marketing Cookies
We use marketing tools such as HubSpot and Apollo.io that may set cookies when you interact with our marketing content. For example, when you visit landing pages or open marketing emails. These cookies can collect personal information like your name, browsing behavior on our website, how you arrived here, or interactions with our campaigns. This data helps us evaluate the effectiveness of our marketing efforts and improve the relevance of our communications.Occasionally, third-party cookies also appear in this category. While we strive to monitor and manage them, CS Company Shield GmbH does not always have full control over those cookies and does not share personal data with those third parties.

6.4 Personalization/Preference Cookies
Personalization Cookies help us remember your preferences and settings to provide a more customized and seamless experience on our website. These cookies store information such as language choices, consent settings, and personalized content preferences. They enable features like remembering your login state, showing relevant ads, or adapting site functionality based on your past interactions. Personalization cookies do not collect personally identifiable information beyond your preferences and enhance your overall browsing experience.

6.5 Third Party Website Cookies
When using our website, you may be directed to other websites for such activities as surveys, to make payment, for job applications, and to view content hosted on those sites such as an embedded video or news article. These websites may use their own cookies. We do not have control over the placement of cookies by other websites you visit, even if you are directed to them from our website.

6.6 How To Control and Delete Cookies

A. Using Your Browser
Many of the cookies used on our website and through emails can be enabled or disabled through our consent tool or by disabling the cookies through your browser. To disable cookies through your browser, follow the instructions usually located within the “Help,” “Tools” or “Edit” menus in your browser. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function.

B. Cookies Set in the Past

Collection of your data from our analytics cookies can be deleted. If cookies are deleted, the information collected prior to the preference change may still be used. However, we will stop using the disabled cookie to collect any further information from your user experience.

7. Data deletion and storage period

Unless otherwise specified in the individual sections, the stored personal data will be deleted if you revoke your consent to storage or if knowledge of this data is no longer required to fulfill the purpose for which it was stored. Furthermore, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.

We regularly check whether the purpose for which the data was stored is still valid and delete your data immediately if this is no longer the case. However, with regard to the relevant data, the deletion will only take place after the expiry of the deadlines of the tax and commercial law regulations.

8. Disclosure of personal data and recipients 

We will not disclose personal data without your express consent, unless there is a legal reason for permission, e.g. if we are legally obliged to disclose data (information to law enforcement agencies and courts; information to public bodies that receive data based on legal regulations, e.g. social insurance agencies, tax authorities, etc.) or if we involve third parties bound to professional secrecy to enforce our claims. We share your personal data with the following recipients:

  • We use processors to process personal data for the above-mentioned purposes, who process the personal data on our behalf. We always retain control over the respective personal data and remain the data controller.
  • For payment processing in the course of orders, we transmit payment details to banks and payment service providers if required by the payment method.
  • We transmit personal data in individual cases to courts, law enforcement agencies, supervisory authorities, other authorities, tax advisors and lawyers, insofar as this is legally permissible and necessary.

9. Your rights 

You have the following rights:

9.1 Right to information
Pursuant to Art. 15 GDPR, you have the right to request information about your personal data stored by us free of charge. This also allows you to obtain a copy of the personal data we process about you and to verify whether we are processing it in a lawful manner.

9.2 Right to rectification
In the event of incorrect data, you have the right to rectification in accordance with Art. 16 GDPR. We are obliged to make the correction without delay.

9.3 Right to restriction of processing
You have the right under Article 18 of the GDPR to request that we restrict processing. This allows you to request the suspension of the processing of your personal information, for example, if you want us to determine its accuracy or the basis for processing.

9.4 Right to deletion
Pursuant to Art. 17 GDPR, you have the right to demand that we delete the personal data concerning you without undue delay if the data is no longer required for the purposes for which it was collected or, if the processing is based on your consent, you have revoked your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases. A right to deletion does not exist insofar as

  • the personal data may not be deleted or must be processed due to a legal obligation; or
  • the data processing is necessary for the assertion, exercise or defense of legal claims.

9.5 Right to data portability
Pursuant to Art. 20 GDPR, you have the right under certain circumstances to have the personal data concerning you, which you have provided to us, transferred to another controller in a structured, common and machine-readable format.

9.6 Right of objection
You have the right to object to the processing of your personal data insofar as the processing is based on our legitimate interests (or those of a third party) and there are grounds arising from your particular situation on the basis of which you wish to object to the processing on said basis. In particular, you have the right to object if we process your data for direct marketing purposes.

9.7 Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9.8 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

10. Contact

If you have any questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data or general questions and suggestions on the subject of data protection, please contact us directly (see 2. Name and address of the data protection officer).

11. Mandatory information according to Article 13 GDPR

In the event of initial contact, we are obliged pursuant to Art. 12, 13 GDPR to provide you with the following mandatory data protection information:

If you contact us by e-mail, we will only process your personal data if there is a legitimate interest in the processing (Art. 6 (1) (f) GDPR), you have consented to the data processing (Art. 6 (1) (a) GDPR), the processing is necessary for the initiation, establishment, content or amendment of a legal relationship between you and us (Art. 6 (1) (b) GDPR) or another legal norm permits the processing. Your personal data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods under tax and commercial law – remain unaffected. You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to object, to data portability and the right to complain to the competent supervisory authority. Furthermore, you can request the correction, deletion and, under certain circumstances, the restriction of the processing of your personal data. For details, please refer to our privacy policy above.

Status as of August 2025

Activate Your Human Firewall

CS Company Shield GmbH
Merantix AI Campus
Max-Urich-Straße 3
13355 Berlin, Germany

© 2025 Company Shield. All rights reserved.

Privacy PolicyImprintTerms and ConditionsCookies Settings