Privacy Policy

1. General

The Threema Work management cockpit (hereinafter “Threema Work Cockpit”) is a web-based software-as-a-service application for “Business Customers” for the use of “Threema Work,” the business software of Threema GmbH (hereinafter “Threema”).

Aside from the Threema Work Cockpit, Threema Work includes additional applications, namely the “Threema Work App” for mobile devices of “Work Users” and the services “Threema Broadcast” and “Threema Gateway.

The management of Threema Work takes place via the Threema Work Cockpit through “Administrators” appointed by the Business Customer.

In contrast to the Threema Work App, which is used for one-to-one communication between Work Users, the Threema Work Cockpit is a web-based software-as-a-service application that is used for managing access privileges for Work Users and customizations of the Threema Work App by Administrators.

Threema’s focus lies on data protection and privacy, which is why we provide Business Customers and other interested persons with the information for transparent processing of their personal data in this Privacy Policy.

A. Scope of Application

This Privacy Policy applies to all data processing activities that take place while using the Threema Work Cockpit in its latest version and are related to personal data, namely:

A. Calling up the Threema Work Cockpit;
B. Setting up the Customer Account;
C. Managing Administrators;
D. Managing Additional Recipients;
E. Product Updates (Newsletter);
F. Requesting a Trial Subscription;
G. Generating and Accepting Quotations for Subscriptions;
H. Invoicing Subscriptions;
I. Support Requests;
J. Access Management for the Threema Work App;
K. Configuring the Threema Work App (App Configuration);
L. Synchronizing the Threema ID from the Threema Work App (User List);
M. Company Directory for the Threema Work App;
N. Threema Broadcast;
O. Misuse Protection (hCaptcha).

In principle, this Privacy Policy does not apply to the Threema Work App for mobile devices, Threema Broadcast, and Threema Gateway; the three aforementioned applications have their separate privacy policies regarding the processing of personal data. This Privacy Policy for the Threema Work Cockpit is exclusively referring to the three aforementioned applications if particular uses of the Threema Work Cockpit have an effect on personal data in these applications.

Threema as the data controller is a limited liability company under Swiss law with its registered office in Pfäffikon SZ (municipality of Freienbach), Switzerland, and business identification number (hereinafter “UID”) CHE-221.440.104.

When using the Threema Work Cockpit, personal data is, unless stated otherwise in this Privacy Policy, processed and, if necessary, stored exclusively on Threema’s own servers in two data centers of an “ISO 27001”-certified colocation partner located in Zurich, Switzerland (hereinafter “Threema Servers”).

As a company with its registered office in Switzerland, Threema and the data processing it carries out are subject to Swiss data protection law (Federal Act on Data Protection of September 25, 2020, SR 235.1; hereinafter “FADP”). For data subjects residing in the territory of the EU or the EEA (marked with “for EU/EEA”), European data protection law (Regulation (EU) 2016/679 of April 27, 2016, General Data Protection Regulation; hereinafter “GDPR”) may additionally apply.

Personal data pursuant to Art. 5 lit. a FADP [for EU/EEA: Art. 4 No. 1 GDPR] is information that relates to an identified or identifiable natural person.

B. Controller

Threema GmbH
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland

UID: CHE-221.440.104

C. Data Protection Officer

Threema GmbH
Data Protection Officer
Churerstrasse 82
8808 Pfäffikon SZ
Switzerland

Email: privacy at threema dot ch

D. Representative in the EU (Art. 27 GDPR)

ACC Datenschutz UG
Messestrasse 6
94036 Passau
Germany

E. Swiss Supervisory Authority

Federal Data Protection and Information Commissioner (FDPIC)
Feldweg 1
3003 Bern
Switzerland

Telephone: +41 58 462 43 95
Contact form of the FDPIC: Link

2. Processing Activities

Depending on how the Threema Work Cockpit is used, Threema processes different categories of personal data for different purposes, based on different legal bases and with different storage periods, if any personal data is stored at all.

A. Calling Up the Threema Work Cockpit

Processing

When the Threema Work Cockpit as a web-based software is called up, information, including personal data, is automatically sent to the Threema Servers by the browser on the end device of the data subject and stored in a log file.

Categories of Processed Personal Data

When the Threema Work Cockpit is called up, the following personal data is processed on the Threema Servers and stored in log files:

  • IP address.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Delivery of the Threema Work Cockpit in the browser of the data subject.

Legal Basis

The processing and storage of IP addresses is technically necessary and based on the overriding private interest (delivery of the Threema Work Cockpit in the browser; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of the IP address is technically necessary to deliver the Threema Work Cockpit in the browser of the data subject and to enable the Business Customer or their Administrators to use it as contractually agreed.

Storage Period

The log file with the data subject’s IP address created when the Threema Work Cockpit is called up is stored on the Threema Servers for 10 days, counting from the creation date of the log file, and then automatically deleted.

B. Setting up the Customer Account

Processing

In order to access and use the Threema Work Cockpit as a Business Customer, the Business Customer must set up a “Customer Account.

The email address of a Business Customer used to create the Customer Account must be verified in order to activate the Customer Account and access the Threema Work Cockpit.

In addition, a Business Customer is assigned a randomly generated “Customer Number” when creating a Customer Account. It consists of the letters “WK” and a ten-digit sequence of numbers and letters.

Categories of Processed Personal Data

To create a Customer Account, the following personal data is processed and stored on the Threema Servers:

  • Customer Number;
  • Email address of the Business Customer.

To protect the Threema Work Cockpit from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.O.) when a Customer Account is created.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the Threema Work Cockpit by the Business Customer (contract performance).

Legal Basis

The processing of personal data for the creation of the Customer Account is based on the overriding private interest (use of the Threema Work Cockpit by the Business Customer; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of the Business Customer’s personal data is necessary to enable the Business Customer to use the Threema Work Cockpit as contractually agreed.

Storage Period

The personal data stored to set up the Customer Account will be stored on the Threema Servers until revocation, i.e., until deletion of the Customer Account by the Business Customer in the Threema Work Cockpit, and then deleted after 14 days.

If a Business Customer does not have any active subscriptions or any open license orders and has not logged into the Customer Account of the Threema Work Cockpit within 1 year, the Customer Account and all linked personal data will be deleted.

Note: Threema is subject to a statutory retention obligation of 10 years in connection with accounting records and accounting vouchers, including any personal data. In addition, Threema reserves the right to retain all data and documents required for the reconstruction of the contractual relationship with a Business Customer, including any personal data, for the duration of the ordinary period of limitations of 10 years.

C. Managing Administrators

Processing

To use the Threema Work Cockpit, a Business Customer needs to register at least one Administrator per Customer Account. This Administrator does not necessarily have to be the Business Customer themself. Subsequently, additional Administrators may be registered and managed in the Threema Work Cockpit.

The email address of an Administrator used for registration must be verified by the corresponding Administrator in order to activate it for the Threema Work Cockpit.

Categories of Processed Personal Data

For the registration and management of Administrators, the following personal data is processed and stored on the Threema Servers:

  • Email address of the Administrator.

To protect the Threema Work Cockpit from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.O.) when Administrators are registered.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the contractually agreed functions of the Threema Work Cockpit by the Business Customer (contract performance).

Legal Basis

The processing of personal data for the registration and management of Administrators is based on the overriding private interest (use of the Threema Work Cockpit by the Business Customer; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of the Administrator’s personal data is necessary to enable the Business Customer to use the Threema Work Cockpit as contractually agreed.

Storage Period

The personal data stored for the management of Administrators will be stored on the Threema Servers until revocation, i.e., until the personal data of an Administrator is changed or deleted in the Threema Work Cockpit, and then deleted after 14 days.

If the subscription of a Business Customer within which an Administrator has been registered becomes inactive (see Section 2.B.), the personal data of the corresponding Administrator will not be deleted but only deactivated for the time being. After 1 year of inactivity of the corresponding subscription, the personal data of an Administrator will be automatically deleted. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated email addresses of Administrators will be automatically reactivated.

In case of deletion of the Customer Account by the Business Customer (see Section 2.B.), the personal data stored for the management of Administrators will be deleted after 14 days or immediately, if the Business Customer has never purchased a subscription.

D. Managing Additional Recipients

Processing

Besides Administrators, “Additional Recipients” without administrator rights may be registered and managed in the Threema Work Cockpit within an active subscription to receive system emails from Threema (e.g., invoices).

The email addresses of Additional Recipients must be verified by the corresponding recipient in order to activate them in the Threema Work Cockpit.

Categories of Processed Personal Data

For the registration and management of Additional Recipients, the following personal data is processed and stored on the Threema Servers:

  • Email address of the Additional Recipient.

To protect the Threema Work Cockpit from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.O.) when Additional Recipients are registered.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Registration and management of Additional Recipients for the receipt of system emails (contract performance).

Legal Basis

The processing of personal data for the registration and management of Additional Recipients is based on the overriding private interest (use of the Threema Work Cockpit by the Business Customer; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Storage Period

The personal data stored for the management of Additional Recipients will be stored on the Threema Servers until revocation, i.e., until the personal data of an Additional Recipient is changed or deleted in the Threema Work Cockpit, and then deleted immediately.

If the subscription of a Business Customer within which an Additional Recipient has been registered becomes inactive (see Section 2.B.), the personal data of the corresponding Additional Recipient will not be deleted but only deactivated for the time being. After 1 year of inactivity of the corresponding subscription, the personal data of an Additional Recipient will be automatically deleted. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated email addresses of Additional Recipients will be reactivated automatically.

In case of deletion of the Customer Account by the Business Customer (see Section 2.B), the personal data stored for the management of Additional Recipients will be deleted immediately.

E. Product Updates (Newsletter)

Processing

Threema informs Administrators of the Threema Work Cockpit about new features of the Threema Work Cockpit and other Threema Work applications by means of an email newsletter, the so-called “Product Updates.

An Administrator is automatically signed up for these Product Updates after successful registration in the Threema Work Cockpit.

Administrators may unsubscribe from Product Updates at any time in the Threema Work Cockpit under “Settings > Your admin account > Notifications.”

Categories of Processed Personal Data

To send Product Updates, the following personal data is processed on the Threema Servers:

  • Email address of the Administrator.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Assistance for optimal use of Threema Work (support);
  • Customer marketing.

Legal Basis

The processing of an Administrator’s email address for sending Product Updates is primarily based on the overriding private interest (support for optimal use of Threema Work; marketing towards existing customers) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

If an Administrator who has unsubscribed from Product Updates in the Threema Work Cockpit later subscribes to them again, the processing of their email address for sending Product Updates is based on their voluntary consent to the processing of this personal data; Art. 31 Sec. 1 FADP [for EU/EEA: Art. 6 Sec. 1 lit. a GDPR].

Necessity

The processing of an Administrator’s email address for sending Product Updates is necessary to support the Business Customer or their Administrator for optimal use of Threema Work, to promote new features and Threema Work applications, and to inform about changes to the terms of use.

Threema refers to the privilege of existing customers when sending Product Updates without prior consent of an Administrator.

Storage Period

The email address for sending Product Updates is processed until revocation, i.e., until cancellation of the subscription in the Threema Work Cockpit by the corresponding Administrator, and is then immediately terminated.

If the subscription of a Business Customer within which an Administrator has subscribed to the Product Updates becomes inactive (see Section 2.B.), the subscription will not be cancelled but only deactivated (the data subject will no longer receive Product Updates). If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated subscriptions for Product Updates and thus the processing of the email address will be reactivated automatically.

The storage period of email addresses of Administrators is set out under Section 2.C. hereinabove, irrespective of the subscription to Product Updates.

F. Requesting a Trial Subscription

Processing

Business Customers may request a trial subscription in the Threema Work Cockpit to temporarily use Threema Work.

Each request is reviewed individually by Threema before the requested trial subscription is approved.

Categories of Processed Personal Data

When a trial subscription is requested, the following personal data is processed and stored on the Threema Servers:

  • Company;
  • Address;
  • Email address of the Business Customer, their Administrators, and their Additional Recipients.

To protect the Threema Work Cockpit from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.O.) when a trial subscription is requested.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Processing of requests for trial subscriptions (contract performance).

Legal Basis

The processing and storage of personal data when requesting trial subscriptions is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This data processing is necessary to perform contracts with Business Customers on trial subscriptions for the use of Threema Work.

Storage Period

The company and address of a Business Customer concerned are stored until the deletion of their Customer Account and then immediately deleted, subject to retention rights and obligations (see Section 2.B.).

G. Generating and Accepting Quotations for Subscriptions

Processing

A Business Customer may request quotations for subscriptions in the Threema Work Cockpit at any time. A quotation for a subscription consists of the number of licenses and the desired subscription.

The Threema Work Cockpit automatically creates a quotation based on the information provided by the Business Customer. The price of the quotation is fixed for 30 days, calculated from the time of creation.

If such a quotation is accepted by the Business Customer within the deadline, the Threema Work Cockpit automatically creates an invoice and sends it to the Administrators registered by the Business Customer (see Section 2.H.).

Categories of Processed Personal Data

To create quotations and process them in case of acceptance, the following personal data is processed and stored on the Threema Servers:

  • Company;
  • Address;
  • Email addresses of Administrators.

To protect the Threema Work Cockpit from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.O.) when creating quotations.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Creation of quotations and their processing in case of acceptance (contract performance).

Legal Basis

The processing and storage of personal data when creating quotations and processing them in case of acceptance by Business Customers is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This data processing is necessary to perform contracts with Business Customers for subscriptions to use Threema Work.

Storage Period

The company and address of a Business Customer concerned will be stored until the deletion of their Customer Account and then immediately deleted, subject to retention rights and obligations (see Section 2.B.).

If a Business Customer does not accept a quotation within the period of 30 days, calculated from the date of creation, the processing of their personal data within the scope of this quotation is automatically terminated. The Administrators of the Business Customer will be automatically informed about the deletion of the quotation.

The storage period of the email addresses of Administrators is set out under Sections 2.C. hereinabove.

H. Invoicing Subscriptions

Processing

As soon as a Business Customer has accepted a quotation (see Section 2.G.), the data stored in their Customer Account, including personal data, is processed on the Threema Servers for billing purposes.

Invoicing a subscription to the Business Customer is triggered by both the acceptance of quotations (purchase of licenses, upgrade of the subscription) and the renewal of existing licenses.

Categories of Processed Personal Data

To invoice subscriptions, the following personal data is processed on the Threema Servers:

  • Customer Number;
  • Company (optional);
  • Address (optional);
  • Email addresses of Administrators and Additional Recipients.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Invoicing for subscriptions (contract performance).

Legal Basis

The processing of personal data for invoicing Business Customers is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This data processing is necessary to perform contracts with Business Customers for subscriptions to use Threema Work.

Storage Period

The company and address of a Business Customer concerned will be stored until the deletion of their Customer Account, and then immediately deleted, subject to retention rights and obligations (see Section 2.B.).

If a Business Customer does not pay an invoice based on a quotation within the applicable payment period, the processing of their personal data within the scope of this invoice is automatically terminated. The Administrators and Additional Recipients of the Business Customer will be automatically informed about the deletion of the invoice.

If the invoice is issued as part of the renewal of existing subscriptions, the personal data of the Business Customer will be further processed by Threema for the purpose of reminders and enforcement of the claim. If a subscription is terminated by a Business Customer prior to its (in principle automatic) renewal, no more personal data will be processed for the creation of new invoices within the scope of the terminated subscription.

The storage period of the email addresses of Administrators and Additional Recipients is set out under Sections 2.C. and 2.D. hereinabove.

I. Support Requests

Processing

Administrators may submit support requests to the Threema staff via a form in the Threema Work Cockpit.

Categories of Processed Personal Data

When submitting a support form, the following personal data is processed on the Threema Servers:

  • Customer Number;
  • Username of the Administrator;
  • Email address of the Administrator.

To protect the Threema Work Cockpit from misuse, Threema uses a captcha from the hCaptcha service (see Section 2.O.).

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Recording, processing, and answering of support requests.

Legal Basis

The processing of personal data for support requests is based on the overriding private interest (use of the Threema Work Cockpit by the Business Customer; contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Storage Period

The support request is stored on the Threema Servers for 6 months and then automatically deleted. If the Administrator submits another support request before the deletion period expires, the 6-month deletion period is reset and starts anew.

The storage period of the personal data of Business Customers and Administrators is set out under Sections 2.B. and 2.C. hereinabove.

J. Access Management for the Threema Work App

Processing

In order for a Work User to use the Threema Work App, access privileges must be created for them by an Administrator. Each access privilege to the Threema Work App requires a valid license as part of an active subscription and consists of a username and a password.

The username may be freely chosen by the Administrator but must be unique on the Threema Servers. The same username cannot already be used by the Administrator of another Business Customer.

With the credentials registered by the Administrator, a Work User may activate and use their Threema Work App.

Categories of Processed Personal Data

For the registration and administration of Work Users, the following personal data is processed and stored on the Threema Servers:

  • Username.

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the contractually agreed functions of the Threema Work App (contract performance).

Legal Basis

The processing of personal data for the registration and administration of Work Users is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

The usernames stored for the registration and administration of Work Users are stored on the Threema Servers until revocation, i.e., until change or deletion of a Work User’s username in the Threema Work Cockpit, and then immediately deleted.

If the subscription of a Business Customer, within which a Work User has been registered, becomes inactive, the username of the Work User is not deleted but only deactivated (the data subject may no longer use the Threema Work App). If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated Work User access privileges may be reactivated by Administrators.

In case of deletion of the Customer Account by the Business Customer, the personal data stored for registration and administration of Work Users will be immediately deleted.

K. Configuring the Threema Work App (App Configuration)

Processing

In the Threema Work Cockpit, Administrators have the option to configure the Threema Work App by defining “Configuration Settings” globally (per subscription) or per access privileges of a Work User (per license). These settings are used to configure the Threema Work App of all or only individual Work Users within a subscription, in order to control functions of the Threema Work App or to identify Work Users more easily within the Business Customer’s organization.

In order to synchronize the App Configuration with the data in the Threema Work App on Work Users’ mobile devices, Configuration Settings defined by Administrators are automatically downloaded by the Threema Work App to the mobile device of the Work User and synchronized every 24 hours.

Note: The use of the App Configuration is completely optional; the Business Customer or their Administrators decide what data is processed and stored in the context of the App Configuration.

Categories of Processed Personal Data

When using the App Configuration, the following personal data is processed and stored on the Threema Servers:

  • First name (optional);
  • Last name (optional);
  • Nickname (optional);
  • Category (e.g., job title or department; optional);
  • Customer Specific Identifier (“CSI”, e.g., employee number; optional).

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the contractually agreed functions of the Threema Work Cockpit (contract performance).

Legal Basis

The processing of personal data of Work Users in the context of the App Configuration used by Administrators is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

Configuration Settings for a Work User defined by Administrators are stored on the Threema Servers until revocation, i.e., until change or deletion of individual or all Configuration Settings for a Work User in the Threema Work Cockpit, and then immediately deleted.

If the subscription of a Business Customer, with which Configuration Settings for a Work User have been defined, becomes inactive, the Configuration Settings for the Work User will not be deleted but only deactivated (the data subject will no longer be able to use the Threema Work App). After 1 year of inactivity of the corresponding subscription, the Configuration Settings for Work Users will be automatically deleted. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated access privileges of Work Users including the stored Configuration Settings may be reactivated by Administrators.

L. Synchronizing the Threema ID from the Threema Work App (User List)

Processing

Each Work User’s access privileges within a subscription include an eight-digit, alphanumeric Threema ID, which is randomly generated (along with the public and private keys) when the Threema Work App is set up.

When the Work User uses the Threema Work App, their Threema ID and the optional Configuration Settings (see Section 2.K.) are uploaded to the Threema Servers every 24 hours, linked to the corresponding Work User’s access privileges in the Threema Work Cockpit, and stored. This allows Administrators to create a “User List” of Work Users within the Business Customer’s organization in the Threema Work Cockpit.

Categories of Processed Personal Data

For synchronization of the Threema ID of Work Users, the following personal data is processed and stored on the Threema Servers:

  • Threema ID of the Work User;
  • First name (optional);
  • Last name (optional);
  • Nickname (optional);
  • Category (optional);
  • CSI (optional).

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the contractually agreed functions of the Threema Work Cockpit (contract performance).

Legal Basis

The processing of the Threema ID and Configuration Settings of Work Users is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

Threema IDs of Work Users are stored on the Threema Servers until revocation, i.e., until deletion of a Work User’s access privileges in the Threema Work Cockpit by an Administrator, and then immediately deleted.

If the subscription of a Business Customer, within which Threema IDs of Work Users have been stored, becomes inactive, the Threema ID of a Work User will not be deleted but only deactivated (the data subject will no longer be able to use the Threema Work App). After 1 year of inactivity of the corresponding subscription, all personal data linked to the Threema ID of a Work User will be automatically deleted. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, deactivated access privileges of Work Users may be reactivated together with the stored Threema IDs.

Provided they have previously set a “Revocation Password” in the Threema Work App, Work Users can delete their Threema ID at any time. Deletion by Revocation Password also leads to immediate deletion of the Threema ID of the corresponding Work User in the Threema Work Cockpit.

If a Work User changes their mobile device without having backed up their Threema ID first, they have to generate a new random Threema ID when setting up the Threema Work App on their new mobile device. When synchronizing their new Threema ID with the Threema Work Cockpit, their old Threema ID is not deleted but only deactivated, and it remains stored on the Threema Servers until deleted by an Administrator.

The storage period of the optional Configuration Settings is set out under Sections 2.K. hereinabove. If a Work User deletes their Threema ID with the Revocation Password, all Configuration Settings linked with this Threema ID are immediately deleted as well.

M. Company Directory for the Threema Work App

Processing

In the Threema Work Cockpit, Administrators have the option to create a “Company Directory” with the Work Users from the Business Customer’s organization.

An entry in the Company Directory consists of a Threema ID and the corresponding Configuration Settings (see Section 2.K.). Threema IDs can be added to the Company Directory by Administrators either manually or automatically from the User List (see Section 2.L.).

Provided that Work Users have a connection to the Threema Servers, they may access this Company Directory and save individual contacts from it locally in the Threema Work App.

Note: Creating a Company Directory in the Threema Work Cockpit is completely optional; the Business Customer or their Administrators decide what data is processed in the context of using the Company Directory.

Categories of Processed Personal Data

In the context of using the Company Directory, the following personal data is processed on the Threema Servers:

  • Threema ID;
  • First name (optional);
  • Last name (optional);
  • Nickname (optional);
  • Category (optional);
  • CSI (optional).

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the contractually agreed functions of the Threema Work Cockpit (contract performance).

Legal Basis

The processing of personal data of Work Users in the context of the creation of a Company Directory by Administrators and its use is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

The processing of personal data in the context of the creation and use of the Company Directory is carried out until revocation, i.e., until change or deletion of personal data in the Company Directory by an Administrator in the Threema Work Cockpit. The storage periods for Threema IDs and Configuration Settings are set out under Sections 2.K. and 2.L. hereinabove.

If a Business Customer’s subscription, within which a Company Directory was created, becomes inactive, the Company Directory will not be deleted but only deactivated. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, a deactivated Company Directory will be automatically reactivated.

N. Threema Broadcast

Processing

A Business Customer may request and use one “Broadcast ID” per subscription (if included in the subscription model).

Once this Broadcast ID has been requested and set up in the Threema Work Cockpit, the Threema IDs stored in the User List (together with the linked Configuration Settings) are synchronized with Threema Broadcast in the Threema Work Cockpit on an hourly basis.

This allows Administrators to use Threema Broadcast to set up groups and distribution lists, for example, for all Work Users who belong to the same department according to the Configuration Settings.

Note: The use of Threema Broadcast in the Threema Work Cockpit is completely optional; the Business Customer or their Administrators decide what data is processed and stored in the context of using Threema Broadcast.

Categories of Processed Personal Data

In the context of using Threema Broadcast, the following personal data is processed and stored on the Threema Servers:

  • Threema ID;
  • First name (optional);
  • Last name (optional).

Purpose

The aforementioned personal data is processed by Threema for the following purposes:

  • Use of the contractually agreed functions of the Threema Work Cockpit (contract performance).

Legal Basis

The processing of personal data of Work Users in the context of using Threema Broadcast is based on the overriding private interest (contract performance) of Threema; Art. 31 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

The processing of personal data is necessary to enable Business Customers to use Threema Work as contractually agreed.

Storage Period

The processing of personal data in the context of using Threema Broadcast is carried out until revocation, i.e., as long as Threema Broadcast is activated in the Threema Work Cockpit. The storage periods for Threema IDs and Configuration Settings are set out under Sections 2.K. and 2.L. hereinabove.

If the subscription of a Business Customer, with which Threema Broadcast was set up, becomes inactive, the personal data processed within Threema Broadcast (e.g., Threema IDs within a distribution list) will not be deleted but only deactivated. If the Business Customer reactivates the corresponding subscription by purchasing new licenses, Threema Broadcast will be automatically reactivated.

O. Misuse Protection (hCaptcha)

Processing

In order to prevent misuse through forms submitted by machines, Threema uses the captcha of the “hCaptcha” service for all forms and login screens used in the Threema Work Cockpit.

hCaptcha is a service of Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA (hereinafter “Intuition Machines”). hCaptcha is “ISO 27001”-certified. Visitors can find more information on data protection at Intuition Machines under this external link.

The USA as the registered office of Intuition Machines and the probable place of data processing of the hCaptcha service is not on the list of states of the under Annex 1 to the Ordinance on Data Protection of August 31, 2022 (“DPO”; SR 235.11); therefore, its legislation does not ensure adequate data protection; Art. 16 Sec. 1 FADP in connection with Art. 8 Sec. 1 DPO.

For this reason, personal data disclosed to Intuition Machines is converted to a one-way encrypted hash value on the Threema Servers before it is disclosed.

Note: No personal data is disclosed to Intuition Machines; identification of Administrators is thereby not possible.

Categories of Processed Personal Data

When solving a captcha, the following personal data is processed on the Threema Servers and disclosed to Intuition Machines in pseudonymized form:

  • IP address (one-way encrypted).

Purpose

The aforementioned personal data is processed by Threema and disclosed to Intuition Machines in pseudonymized form for the following purposes:

  • Information security.

Legal Basis

The processing of IP addresses on the Threema Servers and their disclosure to Intuition Machines in pseudonymized form is based on the overriding private interest (misuse protection) of Threema; Art. 13 Sec. 2 lit. a FADP [for EU/EEA: Art. 6 Sec. 1 lit. b GDPR].

Necessity

This data processing is necessary to prevent misuse through forms in the Threema Work Cockpit submitted by machines.

Storage Period

After their pseudonymization and their disclosure to Intuition Machines in pseudonymized form, the IP addresses of Business Customers or their Administrators are immediately deleted on the Threema Servers.

3. Disclosure of Data to Third Parties

Principally, Threema does not disclose to third parties any personal data that is transmitted by the Business Customer when using the Threema Work Cockpit and that is then processed and stored on the Threema Servers.

Threema reserves the right to disclose personal data to third parties (e.g., lawyers) if it is necessary for the assertion, exercise, or defense of legal claims by Threema.

4. Collection of Data from Third Parties

Principally, Threema does not collect from third parties any personal data that is transmitted by the Business Customer when using the Threema Work Cockpit and then processed and stored on the Threema Servers.

5. Data Security

In addition to using state-of-the-art encryption methods, Threema takes all necessary technical and organizational measures to prevent unauthorized access and misuse of data in the Threema Work Cockpit. The security measures are continuously improved in line with technological developments.

6. Control Options

In addition to the legal claims of data protection law (see Section 7), Threema grants data subjects (Business Customers, Administrators, and Work Users) the following control options over their personal data:

Deletion of All Stored Personal Data of a Customer Account (for Business Customers)

Business Customers may delete all personal data processed and stored within the scope of the Customer Account at any time, unless there is an active subscription, by deleting their Customer Account.

This is subject to Threema’s retention rights and obligations (see Section 2.B.).

Rectification, Completion, and Deletion of Personal Data and Termination of Processing (for Administrators)

Administrators may rectify or complete personal data in the Threema Work Cockpit at any time, terminate their processing, or delete them if they are stored, namely:

  • Company and address data;
  • Personal data of Administrators;
  • Personal data of Additional Recipients;
  • Credentials of Work Users;
  • Old, inactive Threema IDs of Work Users;
  • Configuration Settings for Work Users;
  • Entries of Work Users in the User List;
  • Entries of Work Users in the Company Directory;
  • Personal data in Threema Broadcast.

Information About Inventory Data (for Work Users)

Work Users may access the inventory data, including personal data, stored by Threema and linked to their Threema ID at any time by sending the message “info” to the Threema ID “*MY3DATA.” Work Users can find out more under the following link: https://threema.ch/en/faq/get_my_data

Deletion of All Inventory Data by Revocation (for Work Users)

The Work User may immediately delete their Threema ID and all information linked with it, including personal data, at any time. To do so, the Work User must revoke their Threema ID via the Threema website https://myid.threema.ch/revoke.

The revocation of the Threema ID is irreversible, and a Revocation Password must be set in advance in the Threema Work App.

7. Rights of Data Subjects

Data subjects whose personal data is processed within the scope of using the Threema Work Cockpit can assert various claims under data protection law against Threema.

If Threema processes personal data on behalf of a Business Customer, i.e., as a processor, claims of data subjects under data protection law must be primarily asserted against the Business Customer as the controller of the data processing. Threema will support the Business Customer in the fulfilment of claims under data protection law by data subjects.

In order to fulfil these claims, Threema may have to process personal data of data subjects. In particular, Threema must be able to identify the data subject in order to ensure that the data subject rights are not exercised by anyone other than the data subject and that no personal data is unlawfully disclosed to third parties.

Regarding the processing of personal data when the Threema Work App is used, secure identification of the data subject is only possible via algorithmic proof of possession of the private key associated with the Threema ID via a so-called key derivation. This is ensured in the case of automated inventory data access for Work Users of the Threema Work App via the Threema ID “*MY3DATA.

Depending on the applicable law, data subjects may exercise the following rights in relation to personal data against Threema:

Right to Information

Art. 25 and 26 FADP [for EU/EEA: Art. 15 GDPR]

A data subject has the right to request information about their personal data processed by Threema.

Right to Correction or Completion

Art. 32 Sec. 2 FADP [for EU/EEA: Art. 16 GDPR]

A data subject has the right to request that Threema corrects inaccurate or completes incomplete personal data without undue delay.

Right to Deletion

Art. 30 Sec. 2 FADP [for EU/EEA: Art. 17 GDPR]

A data subject has the right to request that Threema deletes their personal data without undue delay.

Right to Withdrawal of Consent

only for data processing based on consent; Art. 30 Sec. 2 FADP [for EU/EEA: Art. 7 Sec. 3 GDPR]

A data subject has the right to withdraw their consent to the processing of their personal data by Threema. This has the consequence that Threema may no longer continue the data processing based on this consent. The processing of the Business Customer’s personal data by Threema up to this point in time on the basis of the Business Customer’s consent remains lawful.

Right to Objection

only for data processing based on legitimate interests; Art. 30 Sec. 2 FADP [for EU/EEA: Art. 21 GDPR]

A data subject has the right to object to the processing of their personal data by Threema where such personal data is processed based on Threema’s overriding private interests; Art. 31 DSG [for EU/EEA: Art. 6 Sec. 1 lit. f GDPR].

Right to Blocking

Art. 32 FADP [for EU/EEA: Art. 18 GDPR]

For the protection of their personality, a data subject has the right to request that Threema blocks the processing of their personal data.

Right to Data Transfer

Art. 28 and 29 FADP [for EU/EEA: Art. 20 GDPR] [only for data processing based on consent or a contract and with the aid of automated procedures]

A data subject has the right to receive the personal data they have provided to Threema in a structured, commonly used, and machine-readable format, provided that:

  • the processing is based on consent or on a contract; and
  • the processing is carried out with the aid of automated procedures.

8. Timeliness and Amendment of this Privacy Policy

Threema reserves the right to amend this Privacy Policy from time to time in order to comply with changed legal requirements or to implement new features in the Privacy Policy. The current Privacy Policy is always linked in the Threema Work Cockpit.