Privacy Policy

March 6, 2018

Threema GmbH (hereafter «Threema») was founded on the premise of bulletproof data protection. It is our primary goal to store only the absolute  minimum of information for the shortest possible time («Privacy by Design»). In addition to using state-of-the-art encryption methods, we take all necessary technical and organizational measures to prevent unauthorized data access and misuse. The processing and protection of data is carried out in accordance with applicable legal regulations and EU Regulation 2016/679 (GDPR).

By using our website, you consent to the collection, processing and use of data as described below.

1. General Information

This Privacy Policy refers to the processing of personal data in connection with the management of Threema Work (hereinafter referred to as «service») on behalf of the customer (hereafter «client»). The service enables clients to acquire and manage licenses for Threema Work, as well as to control and administer the use of the service.

To use the service, the client must create one or more profiles on the service’s website.

2. Purpose of Data Processing

Threema processes personal data to enable clients to access the web administration interface of the service and to process orders. The data processed within the scope of order fulfillment will be processed exclusively by Threema on its own server infrastructure in Switzerland and will not be passed on to third parties.

Threema does not process special categories of personal data as defined by Art. 9 (1) or Art. 10 GDPR. Based on Art. 5 (1) GDPR, personal data is processed solely as a result of self-declaration and only to the extent required for the Use of the Service.

3. Scope and Duration of Data Processing

A. Inventory data

When creating a profile as well as order and payment processing, the following inventory data are collected or stored:

  1. Session Cookie (identifies the current browser session to keep an administrator logged in as long as desired when browsing the website)
  2. Registering a Threema Work profile:
    1. Email address
    2. Threema ID (optional), if used for Two Factor Authentication («2FA») as additional proof of identity when logging into a Threema Work profile. 2FA can also be set up with a different service.
  3. Product purchase:
    1. Company name and address (optional, required only for payments by credit card or invoice)

Except for the legally required data storage for business purposes, inventory data will only be stored until deleted by the client or the client deletes all profiles.

B. Usage data

The following personal data will be processed or stored within the scope of using the service:

  1. License management:
    1. Threema Work Business
      1. Arbitrary credentials used to license the Threema Work app
      2. User overview (consisting of username, Threema ID, nickname, app version, operating system, and timestamp of the latest app activity)
      3. Name and email address of other persons with access privilege to a subscription’s management cockpit
    2. Threema Work Enterprise: Same information as with Threema Work Business, as well as
      1. the name and Threema ID of users an administrator manually adds to the internal contact list.
  2. Support requests contain the email address required to answer the inquirer.

Personal data arising from the use of the service will only be stored until deleted by the client or the client deletes all of his profiles. Deleted data cannot be restored.

4. Data Processed by Third Parties

As a matter of principle, Threema does not pass on any data to third parties.

To prevent misuse by automatically registered profiles, Threema uses the «hCaptcha» service during the registration process. Its use is subject to the data protection declaration of hCaptcha. For more information about hCaptcha’s Privacy Policy, please visit https://www.hcaptcha.com/privacy.

5. Right to Information, Correction, Blocking, Deletion and Appeal

Users have the right to receive information about their personal data stored by Threema at any time. Likewise, they have the right to correct, block, or delete their personal data, apart from the legally required data storage for business purposes.

The user has access to this information and the tools for its appropriate management. Threema will take necessary measures according to user instructions if the user cannot implement them with the tools provided. Administrators can change or revoke their consent with effect for the future with a message to Threema and exercise their right of appeal at the competent authority.

6. Responsible Body

If you have any questions about data protection at Threema or would like to assert your rights, you can contact us directly. Send us an email to privacy@threema.ch.

Responsible body and direct contact for questions on data protection at Threema in terms of data privacy law:

Threema GmbH
Data Protection Officer
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland
privacy@threema.ch

CHE-221.440.104

Representative in the EU according to Art. 27 (1) GDPR: ACC Datenschutz UG, Messestraße 6, 94036 Passau, Germany.

7. Changes to this Privacy Policy

Threema may amend this Privacy Policy from time to time to comply with changed legal requirements or to reflect changes in its business, e.g. the introduction of a new feature or extension of the product range. For your next visit of this website, the new Privacy Policy shall apply.

Disclaimer

This is a mere translation of the German version of this document. In case of any discrepancies between the English and German text, the German version shall prevail.