Privacy policy


Privacy policy of Shark Systems IT GmbH

I. General notes

With this data protection information we inform you (in the following text also referred to as "user" or "data subject") in a general way about the data processing of our company and in a special way about the data processing in the context of a visit to our website, when contacting us by e-mail or telephone as well as in the context of an application for job offers published on our website or by third parties. The term "data processing" always refers to the processing of personal data.

The protection of your personal data is an important concern for us. In principle, the internet pages of Shark Systems IT GmbH can be used without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may become necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will obtain the consent of the person concerned beforehand.

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. Furthermore, you have the right to demand the correction, blocking or deletion of your data. In such cases, as well as for all questions regarding data protection, you can contact the person responsible for the data or our data protection officer at any time (data can be found below under II. and III.). You also have the right to complain to the responsible supervisory authority.

Furthermore, under certain circumstances, you can demand that the processing of your personal data be restricted. All your rights and details can be found below in the data protection declaration under "VI. Your rights".

II Responsible body

The person responsible in accordance with Art. 4 No. 7 GDPR within the meaning of the European Data Protection Basic Regulation, other data protection laws applicable in the member states of the European Union, above all the national Federal Data Protection Act and other provisions of a data protection nature is the:

Shark Systems IT GmbH
Im Steinbügel 18
60435 Frankfurt am Main
Phone: +49 (0)69 - 59 60 89 29
e-mail: info@cov-id.com

Responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

III. Definitions

This data protection declaration of Shark Systems IT GmbH is based on the terminology used by the European legislator for directives and regulations when the GDPR was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

1. Personal data and person concerned

According to Art. 4 No. 1 GDPR, "personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data processing

Pursuant to Art. 4 No. 2 GDPR, "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Limitation of processing

According to Art. 4 No. 3 GDPR, "restriction of processing" means the marking of stored personal data with the aim of restricting their future processing.

4. Profiling

Pursuant to Art. 4 No. 4 GDPR, "profiling" means any automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person;

5. Pseudonymisation

Pursuant to Art. 4 No. 5 GDPR, "pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

6. File system

Pursuant to Art. 4 No. 6 GDPR, "file system" means any structured collection of personal data accessible according to specific criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical criteria;

7. Controller or data controller

Pursuant to Art. 4 No. 7 GDPR, "controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, provision may be made for the controller or for the specific criteria for his or her designation under Union law or the law of the Member States.

8. Processors

According to Art. 4 No. 8 GDPR, "processor" means a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

9. Recipient

According to Art. 4 No. 9 GDPR, "recipient" means a natural or legal person, authority, institution or other body to whom Personal Data is disclosed, regardless of whether it is a third party or not. 2Authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not, however, be considered as recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection provisions, in accordance with the purposes of the processing.

10. Third party

Pursuant to Art. 4 No. 10 GDPR, "third party" means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorised to process the personal data.

11. Third country

'Third country' or 'third countries' means countries outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation.

12. Consent

Pursuant to Art. 4 No. 11 GDPR, "consent" of the data subject means any freely given, informed and unequivocal expression of will in the specific case, in the form of a declaration or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

IV. Relevant legal bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis on which the data processing is carried out.

The following applies to users from the European Union and the European Economic Community, unless the legal basis is stated separately in the data protection declaration:

  • Obtaining consent is based on Art. 6 Para. 1 lit. a and Art. 7 GDPR.
  • Processing for the purpose of fulfilling our services and carrying out contractual measures as well as answering enquiries is based on Art. 6 Para. 1 lit. b GDPR.
  • The processing for the fulfilment of our legal obligations is based on Art. 6 para. 1 lit. c GDPR;
  • Should vital interests of the data subject or another natural person make it necessary to process personal data, this is based on Art. 6 para. 1 lit. d GDPR.
  • Art. 6 para. 1 lit. e FADP is the legal basis for the processing of data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing to safeguard our legitimate interests is based on Art. 6 para. 1 lit. f GDPR.
  • Processing of data for purposes other than those for which they were collected is based on the provisions of Art. 6 para. 4 GDPR.
  • Processing of special categories of data (analogous to Art. 9 para. 1 GDPR) is based on the requirements of Art. 9 para. 2 GDPR.

V. Your rights

You are entitled to the following rights with regard to your data:

1. Right of information

The data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him/her are being processed; if this is the case, he/she shall have the right to be informed of such personal data and to receive the following information:

(a) the processing purposes;

(b) the categories of personal data processed;

(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

(d) if possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;

(e) the existence of a right of rectification or erasure of personal data relating to him or her or of a restriction on processing by the controller or a right to object to such processing;

(f) the existence of a right of appeal to a supervisory authority;

(g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) FADP, and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

If personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards in accordance with Article 46 FADP in connection with the transfer.

2. Right of rectification

The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate personal data concerning him/her. Having regard to the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

3. Right of cancellation ("right to be forgotten")

1. The data subject shall have the right to request the controller to delete personal data relating to him/her without undue delay and the controller shall be obliged to delete personal data without undue delay if one of the following reasons applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed

b) the data subject withdraws the consent on which the processing was based pursuant to Article 6 paragraph 1 letter a) or Article 9 paragraph 2 letter a) GDPR and there is no other legal basis for the processing.

c) the data subject objects to the processing pursuant to Art. 21 para. 1 FADP and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 FADP.

(e) deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject

f) The personal data has been collected in relation to information society services offered, in accordance with art. 8 para. 1 GDPR.

2. Where the controller has made the personal data public and is obliged to delete them in accordance with paragraph 1, he shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform controllers who process the personal data that a data subject has requested them to delete all links to those personal data or to make copies or replications of them.

3. Paragraphs 1 and 2 shall not apply insofar as the processing is necessary

(a) to exercise the right to freedom of expression and information

(b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the field of public health pursuant to Art. 9, para. 2, letters h) and i) and Art. 9, para. 3 FADP;

d) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1, insofar as the right referred to in para. 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(e) to assert, exercise or defend legal claims.

4. the right to limit processing

1. The data subject shall have the right to obtain from the controller the restriction of processing if one of the following conditions is met:

(a) the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data

(b) the processing is unlawful and the data subject refuses to have the personal data deleted and requests instead that the use of the personal data be restricted;

(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the purpose of exercising or defending legal claims; or

d) the data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

2. If processing has been restricted in accordance with paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

5. Right to data portability

1. The data subject shall have the right to obtain the personal data concerning him/her which he/she has supplied to a controller in a structured, standard and machine-readable format and the right to have such data communicated to another controller without interference by the controller to whom the personal data have been supplied, provided that

a) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR, and

(b) the processing is carried out by means of automated procedures.

2. In exercising his or her right to transfer data in accordance with paragraph 1, the data subject shall have the right to obtain that personal data be transferred directly from one controller to another controller in so far as this is technically feasible.

The right referred to in paragraph 1 shall not prejudice the rights and freedoms of other persons.

This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. Right of objection

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Article 6(1)(e) or (f) FADP, including profiling based on these provisions. The controller shall no longer process the personal data unless he can demonstrate compelling legitimate reasons for processing which outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If the data processing is carried out on the basis of Art. 6 para. 1 letter e or f FADP, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, including an objection based on these provisions

supported profiling. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing (objection under Art. 21 para. 2 GDPR).

Notwithstanding Directive 2002/58/EC, in the context of the use of information society services, the data subject may exercise his right of objection by means of automated procedures involving technical specifications.

7. Right of withdrawal

The person concerned has the right to revoke his or her data protection declaration of consent at any time. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

8. Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she is resident, works or is suspected of having committed an infringement, if he/she considers that personal data relating to him/her are being processed in breach of this Regulation.

9. Right to restrict processing

1. The data subject shall have the right to obtain from the controller the restriction of processing if one of the following conditions is met:

(a)the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data

(b) the processing is unlawful and the data subject refuses to have the personal data deleted and requests instead that the use of the personal data be restricted;

(c) the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the purpose of exercising or defending legal claims; or

d) the data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.

2. Where processing has been restricted in accordance with paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

VI. notes on the use and data collection of our website

1. SSL encryption

Our site uses SSL encryption for security reasons, especially for the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognise SSL encryption by the fact that the address line of your browser starts with "https://" and a lock symbol appears in the browser line. With SSL encryption, third parties cannot read during data transmission.

2. Hosting and server log files

Our website is maintained by the provider

Mittwald CM Service GmbH & Co. KG
Königsberger Strasse 4-6
32339 Espelkamp

The location of the servers of our website is Germany. We have worked with

Mittwald CM Service GmbH & Co. KG has concluded a contract for the processing of orders and this obliges them to protect the data of users of our website and not to pass them on to third parties. Furthermore, we have commissioned Mittwald CM Service GmbH & Co. KG to take appropriate technical and organizational measures to reduce the risk of misuse of personal data.

This website collects and stores on the Internet server log file information that your browser sends to us. This means that when you call up our website, the following data is collected, which is technically necessary for us to enable you to view our website and to ensure its stability and security:

IP address Date and time of the request
Time zone difference to GMT
Content of the websiteAccess status (HTTP status)
Transferred amount of data
Website, from which you have reached our website
Web browser
Operating system
Language and version of the browser.

The aforementioned data is also stored in so-called log files on our servers. These data is not stored together with other personal data of yours. An evaluation of this data for marketing purposes does not take place.

The legal basis for the collection and temporary storage of the aforementioned data and log files is Art. 6 para. 1 p. 1 lit. f DSGVO.

The aforementioned data for the provision of our website will be deleted when the respective session has ended. The collection of the above-mentioned data for the provision of our website and the storage of these data in log files is absolutely necessary for the operation of our website. There is no possibility of objection.


VII. Data processing in the context of a contact

1. Contact via website contact form

On our website there is a contact form, with which you can get in touch with us electronically.

If a user takes the opportunity and contacts us via our contact form, the data entered in the input mask is transmitted to us and stored.

These data are:
Name, e-mail address and the transmitted message of the user.

At the time the message is sent, the following data is also stored:
Date and time of sending the message, IP address of the author

During transmission, we use an encrypted connection called Transport Layer Security (TLS) to prevent the information you enter from being intercepted en route to us. Please note that this method is a very effective method of secure data transmission according to the current state of technology. However, there is no guarantee that the data cannot nevertheless be intercepted by third parties during transmission.

The processing of the data from the input mask of the contact form serves only to process the contact. We use the data exclusively for reading your request and contacting you. Your data will not be forwarded to third parties.

The other data processed during the sending process, namely date, time and IP address, serve to prevent misuse of our contact form and - also within the scope of Art. 32 DSGVO - as a technical precaution to ensure the security of our IT systems.  The data transmitted to us via the input mask of the contact form will be deleted after the purpose of their processing has been achieved. This is the case when the conversations between the person concerned and us have finally ended. The conversation is terminated when it is clear from the circumstances that the matter has been finally clarified.  The data "date and time" and "IP address", which are processed and stored during the sending process, are automatically and irrevocably deleted after seven days.  Affected users have the right to revoke their consent to the processing of personal data given in the contact form at any time.

The contact form only records the information provided therein once the user has expressly given his consent to the processing of his data and confirms that he agrees with our present data protection declaration.

The legal basis for the processing of personal data via the contact form is thus Art. 6 para. 1 lit. f DSGVO.

2. Contact by e-mail

The processing of the data that you provide us with by contacting us by e-mail or fax serves the sole purpose of recording your request and contacting you.

The legal basis for the processing of the data transmitted in the course of sending an e-mail or fax is Art. 6 para. 1 letter f DSGVO. If the e-mail or fax is intended to conclude a contract with us, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.

The data transmitted to us by e-mail or fax will be deleted after the purpose of their processing has been achieved. This is the case when the conversation between the person concerned and us has finally ended. The conversation is terminated when it is clear from the circumstances that the matter has been finally clarified.

The person concerned can object to the storage of his or her personal data at any time. In such a case, we cannot conduct a conversation with the affected user. The revocation can be declared in text form, e.g. by e-mail or fax, but also orally or by telephone.  All personal data stored in the course of the contact will be irrevocably deleted in this case.

3. Contacting us by letter and fax

If you send us a letter or a fax, the data transmitted by you (e.g. surname, first name, address) and the information contained in the letter or fax, together with any personal data you may have transmitted, will be stored for the purpose of establishing contact and processing your request.

The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6 para. 1 lit. b or lit. f GDPR.

VIII. Newsletter

We use the services of MailChimp for sending newsletters. Provider is the

Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used to organize and analyze the sending of newsletters, among other things. If you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on the servers of MailChimp in the USA.  MailChimp is certified according to the "EU-US-Privacy-Shield". The "Privacy-Shield" is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA.  With the help of MailChimp we can analyse our newsletter campaigns. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web-beacon) connects to the servers of MailChimp in the USA. This way it can be determined whether a newsletter message has been opened and which links have been clicked on. Furthermore, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.  If you do not want to receive any analysis by MailChimp, you have to unsubscribe the newsletter. For this purpose we provide a corresponding link in every newsletter message. Furthermore you can unsubscribe the newsletter directly on the website.  The data processing is based on your consent (art. 6 para. 1 lit. a DSGVO) and our legitimate interests in operating a newsletter system (see art. 6 para. 1 lit. f DSGVO).

You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.  The data that you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after the cancellation of the newsletter. Data, which was stored for other purposes (e.g. e-mail addresses for the member area) remain unaffected.

You can contact legal@mailchimp.com and request the inspection, change or deletion of your data.
You can find more details in the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

We have a so-called "Data-Processing-Agreement" or an order processing agreement with MailChimp, in which we commit MailChimp to protect the data of our customers and not to pass them on to third parties.

This agreement can be viewed under the following link:
https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.


IX. Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or by any other law or regulation to which the controller is subject. If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

The criterion for the duration of the storage of personal data is the respective legal retention period. After the period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of a contract.

Legal or contractual provisions on the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We would like to inform you that the provision of personal data is partly required by law (e.g. criminal and tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the person concerned makes personal data available, he or she must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

X. Final provisions

1. content of the online offer

Shark Systems IT GmbH reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided. Liability claims against Shark Systems IT GmbH, which refer to material or non-material damage caused by the use or non-use of the information provided or by the use of incorrect or incomplete information, are excluded as a matter of principle, provided that there is no demonstrable intentional or grossly negligent fault on the part of Shark Systems IT GmbH. All offers are subject to change and non-binding. Shark Systems IT GmbH expressly reserves the right to change, supplement or delete parts of the pages or the entire offer without separate announcement or to discontinue publication temporarily or permanently.

2. References and links

Shark Systems IT GmbH is not responsible for any contents linked or referred to from his pages - unless he has full knowledge of illegal contents and would be able to prevent the visitors of his site from viewing those pages. Shark Systems IT GmbH hereby expressly declares that at the time the links were created, no illegal content was discernible on the linked pages. Shark Systems IT GmbH has no influence on the current and future design, content or authorship of the linked pages. Therefore, Shark Systems IT GmbH hereby expressly distances itself from all contents of all linked/connected pages that were changed after the link was set. This statement applies to all links and references set within its own Internet offer. For illegal, incorrect or incomplete contents and in particular for damages resulting from the use or non-use of such information, the provider of the page to which reference is made is solely liable, not the person who merely refers to the respective publication via links.

3. Legal validity of this disclaimer

This disclaimer is to be regarded as part of the internet publication which you were referred from. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.